security-research-files 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of security-research-files might be problematic. Click here for more details.
- package/README.md +10 -0
- package/js/alert.js +1 -0
- package/package.json +10 -0
package/README.md
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
# security-research-files
|
|
2
|
+
|
|
3
|
+
## Disclaimer
|
|
4
|
+
This package is intended for use in security research.
|
|
5
|
+
You don't need this package in regular software developments, so you should only install it if you are sure you need it.
|
|
6
|
+
|
|
7
|
+
At the point of initial publishing, this package only contains harmless files for testing purposes. Still, at some point, I may add scripts/programs that send DNS queries or connects to external servers, so please read the contents of the packages before installing this package.
|
|
8
|
+
I can't take any responsibility for the damages caused by using this package.
|
|
9
|
+
|
|
10
|
+
(I had to publish this package to demonstrate the impact of the security vulnerability I found.)
|
package/js/alert.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
alert(document.domain)
|
package/package.json
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "security-research-files",
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "This package is intended for use in security research",
|
|
5
|
+
"scripts": {
|
|
6
|
+
"postinstall": "echo \"You installed security-research-files. This package is intended for use in security research. If you are not sure what you are currently doing, please uninstall this package.\""
|
|
7
|
+
},
|
|
8
|
+
"author": "",
|
|
9
|
+
"license": "ISC"
|
|
10
|
+
}
|