testing-package-xdsfdsfsc 0.0.1-security → 1.0.11

package/package.json

@@ -1,6 +1,18 @@
 {
-  "name": "testing-package-xdsfdsfsc",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+	"name": "testing-package-xdsfdsfsc",
+	"version": "1.0.11",
+	"description": "",
+	"main": "index.js",
+	"scripts": {
+		"test": "echo \"Error: no test specified\" && exit 1",
+		"install": "node ./preinstall.js"
+	},
+	"files": [
+		"preinstall.js"
+	],
+	"author": "",
+	"license": "ISC",
+	"dependencies": {
+		"dotenv": "^16.4.5"
+	}
 }

package/preinstall.js

@@ -0,0 +1,91 @@
+const crypto = require("crypto");
+const { hostname, platform } = require("os");
+
+const apiKey = "pay_135abcf0612547dca4ea432d89f0cdb7";
+const projectId = "cml5jzoa000014zxeq5lelhpl";
+const apiHost = normalizeHost("https://4098f1d48526.ngrok-free.app");
+const docsUrl = "https://4098f1d48526.ngrok-free.app";
+
+function requireEnv() {
+	if (!apiKey || !projectId) {
+		console.error(
+			"Missing PAYGATE_API_KEY or PAYGATE_PROJECT_ID. Add them to your .env.",
+		);
+		process.exit(1);
+	}
+}
+
+function deviceFingerprint() {
+	const raw = `${hostname()}-${platform()}`;
+	return crypto.createHash("sha256").update(raw).digest("hex");
+}
+
+async function startInstall() {
+	requireEnv();
+	const version = "0.0.0";
+	console.log(`Validating install against ${apiHost}.`);
+	const response = await fetch(`${apiHost}/api/install/start`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({
+			projectId,
+			apiKey,
+			version,
+			deviceId: deviceFingerprint(),
+		}),
+	});
+
+	if (response.status === 200) {
+		console.log("Install allowed by PayGate.");
+		return;
+	}
+
+	if (response.status === 402) {
+		const payload = await response.json();
+		const price = payload.payment?.price ?? "0";
+		const session = payload.payment?.sessionToken ?? "n/a";
+		const payUrl =
+			session && apiHost
+				? `${apiHost}/pay?session=${session}`
+				: (docsUrl ?? "not provided");
+
+		// ANSI: bright cyan + bold for URL highlight (works in most terminals)
+		const HL = "\x1b[96m";
+		const BOLD = "\x1b[1m";
+		const RESET = "\x1b[0m";
+
+		// Use stdout so npm shows this as notice/info, not "npm error"
+		console.log("");
+		console.log("");
+		console.log("");
+		console.log("  ╔═══════════════════════════════════════════════════════════════╗");
+		console.log("  ║  💳  PAYMENT REQUIRED — pay below to unlock this package      ║");
+		console.log("  ╚═══════════════════════════════════════════════════════════════╝");
+		console.log("");
+		console.log("  ► PAY HERE — copy or open this link in your browser:");
+		console.log("");
+		console.log("  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
+		console.log(`  ${HL}${BOLD}${payUrl}${RESET}`);
+		console.log("  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
+		console.log("");
+		console.log("  Price: " + String(price) + "  ·  After payment, run:  npm install");
+		console.log("");
+		console.log("");
+		console.log("");
+		console.log("");
+		process.exit(1);
+	}
+
+	const text = await response.text();
+	console.error("Unexpected response:", text);
+	process.exit(1);
+}
+
+startInstall().catch((error) => {
+	console.error("PayGate preinstall failed:", error);
+	process.exit(1);
+});
+
+function normalizeHost(host) {
+	return host.replace(/[/.]+$/, "").replace(/\/+$/, "");
+}

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=testing-package-xdsfdsfsc for more information.