Template repository containing a dependency confusion PoC for an npm package
- Clone the repository
- Update the `package.json` file with the vulnerable package details
- Update `pre.sh` without your RCE command
- Publish the package
- (Optional) `backend.php` (if you want to set up a PHP API which will email about the trigger)
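
For the defending side, an added example (not part of this repository) that checks a `package-lock.json` for internal package names resolved from anywhere other than the private registry, which is the condition a dependency confusion package depends on. The internal name list, the registry host `npm.internal.example` and the sample lockfile are constructed assumptions.

```javascript
'use strict';

// Audit a package-lock.json (lockfileVersion 2 or 3) for internal packages
// that were resolved from somewhere other than the private registry.
function auditLock(lock, internalNames, privateRegistryHost) {
  const marker = 'node_modules/';
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf(marker);
    if (i === -1 || entry.link) continue; // root project or workspace link
    // "node_modules/a/node_modules/@s/b" -> "@s/b"
    const name = path.slice(i + marker.length);
    if (!internalNames.includes(name)) continue;
    let host = null;
    try {
      host = new URL(entry.resolved).host;
    } catch (_) {
      // missing or non-URL "resolved" value: treated as not private
    }
    if (host !== privateRegistryHost) {
      findings.push({
        name,
        version: entry.version,
        resolvedHost: host,
        // Lockfile flag: the package declares install-time lifecycle scripts.
        hasInstallScript: entry.hasInstallScript === true,
      });
    }
  }
  return findings;
}

// Constructed sample lockfile; names, versions and hosts are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/lodash': { version: '4.17.21',
      resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz' },
    'node_modules/acme-billing-utils': { version: '99.0.0', hasInstallScript: true,
      resolved: 'https://registry.npmjs.org/acme-billing-utils/-/acme-billing-utils-99.0.0.tgz' },
    'node_modules/acme-auth-client': { version: '1.4.2',
      resolved: 'https://npm.internal.example/acme-auth-client/-/acme-auth-client-1.4.2.tgz' },
  },
};

const INTERNAL = ['acme-billing-utils', 'acme-auth-client'];
console.log(auditLock(SAMPLE_LOCK, INTERNAL, 'npm.internal.example'));
```

A finding with `hasInstallScript: true` deserves priority, since that package ran code on the machine that installed it.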
This is for educational purposes only. The user is responsible for any use of it.