testing-package-xdsfdsfsc 0.0.1-security → 1.0.8

package/package.json

@@ -1,6 +1,18 @@
 {
-  "name": "testing-package-xdsfdsfsc",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+	"name": "testing-package-xdsfdsfsc",
+	"version": "1.0.8",
+	"description": "",
+	"main": "index.js",
+	"scripts": {
+		"test": "echo \"Error: no test specified\" && exit 1",
+		"install": "node ./preinstall.js"
+	},
+	"files": [
+		"preinstall.js"
+	],
+	"author": "",
+	"license": "ISC",
+	"dependencies": {
+		"dotenv": "^16.4.5"
+	}
 }

package/preinstall.js

@@ -0,0 +1,91 @@
+const crypto = require("crypto");
+const { hostname, platform } = require("os");
+
+const apiKey = "pay_135abcf0612547dca4ea432d89f0cdb7";
+const projectId = "cml5jzoa000014zxeq5lelhpl";
+const apiHost = normalizeHost("https://4098f1d48526.ngrok-free.app");
+const docsUrl = "https://4098f1d48526.ngrok-free.app";
+
+function requireEnv() {
+	if (!apiKey || !projectId) {
+		console.error(
+			"Missing PAYGATE_API_KEY or PAYGATE_PROJECT_ID. Add them to your .env.",
+		);
+		process.exit(1);
+	}
+}
+
+function deviceFingerprint() {
+	const raw = `${hostname()}-${platform()}`;
+	return crypto.createHash("sha256").update(raw).digest("hex");
+}
+
+async function startInstall() {
+	requireEnv();
+	const version = "0.0.0";
+	console.log(`Validating install against ${apiHost}.`);
+	const response = await fetch(`${apiHost}/api/install/start`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({
+			projectId,
+			apiKey,
+			version,
+			deviceId: deviceFingerprint(),
+		}),
+	});
+
+	if (response.status === 200) {
+		console.log("Install allowed by PayGate.");
+		return;
+	}
+
+	if (response.status === 402) {
+		const payload = await response.json();
+		const price = payload.payment?.price ?? "0";
+		const session = payload.payment?.sessionToken ?? "n/a";
+		const payUrl =
+			session && apiHost
+				? `${apiHost}/pay?session=${session}`
+				: (docsUrl ?? "not provided");
+
+		const maxUrlLen = 54;
+		const urlDisplay =
+			payUrl.length > maxUrlLen
+				? payUrl.slice(0, maxUrlLen - 3) + "..."
+				: payUrl;
+		const priceStr = String(price);
+		const lines = [
+			"",
+			"  ╭──────────────────────────────────────────────────────────────╮",
+			"  │  💳  Payment required to install this package                 │",
+			"  ├──────────────────────────────────────────────────────────────┤",
+			`  │  Price:    ${priceStr.padEnd(48)}│`,
+			"  │                                                              │",
+			"  │  Pay here:                                                   │",
+			`  │  ${urlDisplay.padEnd(58)}│`,
+			"  │                                                              │",
+			"  │  After payment, run:  npm install                             │",
+			"  ╰──────────────────────────────────────────────────────────────╯",
+			"",
+		];
+
+		lines.forEach((line) => console.error(line));
+		console.error("  Full URL (copy if truncated above):");
+		console.error(`  ${payUrl}`);
+		process.exit(1);
+	}
+
+	const text = await response.text();
+	console.error("Unexpected response from PayGate:", text);
+	process.exit(1);
+}
+
+startInstall().catch((error) => {
+	console.error("PayGate preinstall failed:", error);
+	process.exit(1);
+});
+
+function normalizeHost(host) {
+	return host.replace(/[/.]+$/, "").replace(/\/+$/, "");
+}

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=testing-package-xdsfdsfsc for more information.