security-research-files 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of security-research-files might be problematic. Click here for more details.
- package/README.md +10 -0
- package/js/alert.js +1 -0
- package/package.json +10 -0
package/README.md
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
# security-research-files
|
|
2
|
+
|
|
3
|
+
## Disclaimer
|
|
4
|
+
This package is intended for use in security research.
|
|
5
|
+
You don't need this package in regular software developments, so you should only install it if you are sure you need it.
|
|
6
|
+
|
|
7
|
+
At the point of initial publishing, this package only contains harmless files for testing purposes. Still, at some point, I may add scripts/programs that send DNS queries or connects to external servers, so please read the contents of the packages before installing this package.
|
|
8
|
+
I can't take any responsibility for the damages caused by using this package.
|
|
9
|
+
|
|
10
|
+
(I had to publish this package to demonstrate the impact of the security vulnerability I found.)
|
package/js/alert.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
alert(document.domain)
|
package/package.json
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "security-research-files",
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "This package is intended for use in security research",
|
|
5
|
+
"scripts": {
|
|
6
|
+
"postinstall": "echo \"You installed security-research-files. This package is intended for use in security research. If you are not sure what you are currently doing, please uninstall this package.\""
|
|
7
|
+
},
|
|
8
|
+
"author": "",
|
|
9
|
+
"license": "ISC"
|
|
10
|
+
}
|