Intrusion Exploit
Server: LiteSpeed
System: Linux cisadane.iixcp.rumahweb.net 5.14.0-427.42.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 14:58:02 EDT 2024 x86_64
User: lenf4658 (1805)
PHP: 8.4.19
Disabled: NONE
$ pwd: /opt/alt/alt-nodejs18/root/lib/node_modules/npm/lib/utils/
Upload Files
File: //opt/alt/alt-nodejs18/root/lib/node_modules/npm/lib/utils/get-identity.js
const npmFetch = require('npm-registry-fetch')

module.exports = async (npm, opts) => {
  const { registry } = opts

  // First, check if we have a user/pass-based auth
  const creds = npm.config.getCredentialsByURI(registry)
  if (creds.username) {
    return creds.username
  }

  // No username, but we have other credentials; fetch the username from registry
  if (creds.token || creds.certfile && creds.keyfile) {
    const registryData = await npmFetch.json('/-/whoami', { ...opts })
    if (typeof registryData?.username === 'string') {
      return registryData.username
    }
  }

  // At this point, even if they have a credentials object, it doesn't have a
  // valid token.
  throw Object.assign(
    new Error('This command requires you to be logged in.'),
    { code: 'ENEEDAUTH' }
  )
}
@ Telegram