"Shai-Hulud" affected NPM packages are installed (LINUX: BASH SCRIPT)
from https://www.itpro.com/security/cyber-attacks/shai-hulud-malware-is-back-with-a-vengeance-and-hit-more-than-19-000-github-repositories-so-far-heres-what-developers-need-to-knowThe bash script is a simple a tool that iterates through the installed Tinycolor npm packages possibly affected by the “Shai-Hulud” supply chain attack.
The list of packages are stored in an array within the script itself. I acquired the list from socket.dev.
Execute the script directly with bash npm_getList.sh or make it executable [sudo] chmod 777 npm_getList.sh. If you create a link or store it somewhere else, make sure to update $PATH.
The script uses npm -g list --all and grep through the array until there is a match. Once the iteration completes through all the packages installed, it will print out the results of the iteration.
You may want to export the results with ./npm_getList.sh > some_log_file.log to store the results instead of it printing to stdout.
#!/bin/bash
# list from https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages
# sha256:
# license: MIT

# Compromised package@version pairs to look for.
arr=(
  'angulartics2@14.1.2' '@ctrl/deluge@7.2.2' '@ctrl/golang-template@1.4.3' '@ctrl/magnet-link@4.0.4'
  '@ctrl/ngx-codemirror@7.0.2' '@ctrl/ngx-csv@6.0.2' '@ctrl/ngx-emoji-mart@9.2.2' '@ctrl/ngx-rightclick@4.0.2'
  '@ctrl/qbittorrent@9.7.2' '@ctrl/react-adsense@2.0.2' '@ctrl/shared-torrent@6.3.2' '@ctrl/tinycolor@4.1.1'
  '@ctrl/tinycolor@4.1.2' '@ctrl/torrent-file@4.1.2' '@ctrl/transmission@7.3.1' '@ctrl/ts-base32@4.0.2'
  'encounter-playground@0.0.5' 'json-rules-engine-simplified@0.2.4' 'json-rules-engine-simplified@0.2.1'
  'koa2-swagger-ui@5.11.2' 'koa2-swagger-ui@5.11.1' '@nativescript-community/gesturehandler@2.0.35'
  '@nativescript-community/sentry@4.6.43' '@nativescript-community/text@1.6.13'
  '@nativescript-community/ui-collectionview@6.0.6' '@nativescript-community/ui-drawer@0.1.30'
  '@nativescript-community/ui-image@4.5.6' '@nativescript-community/ui-material-bottomsheet@7.2.72'
  '@nativescript-community/ui-material-core@7.2.76' '@nativescript-community/ui-material-core-tabs@7.2.76'
  'ngx-color@10.0.2' 'ngx-toastr@19.0.2' 'ngx-trend@8.0.1' 'react-complaint-image@0.0.35'
  'react-jsonschema-form-conditionals@0.3.21' 'react-jsonschema-form-extras@1.0.4' 'rxnt-authentication@0.0.6'
  'rxnt-healthchecks-nestjs@1.0.5' 'rxnt-kue@1.0.7' 'swc-plugin-component-annotate@1.9.2' 'ts-gaussian@3.0.6'
)
# arraylength=${#arr[@]}

count=0
malcounts=0
malarray=()

echo "running script..."
echo "npm -g list --all"
# Run npm once and reuse its output for every comparison below.
installed=$(npm -g list --all 2>/dev/null)
echo "iterating through matching package names..."
for i in "${arr[@]}"; do
  count=$((count+1))
  # Fixed-string, whole-word match, so ngx-toastr@19.0.2 does not also match ngx-toastr@19.0.20.
  grepper=$(grep -F -w -- "$i" <<< "$installed")
  echo "____________________________"
  echo "$count pkg: $i:"
  echo "$grepper"
  if [[ "$grepper" == "" ]]
  then
    echo ""
  else
    echo "$grepper could have malware."
    malarray+=("$i")
    malcounts=$((malcounts+1))
  fi
done

echo "============================"
echo "You have $malcounts/$count packages that could be affected by the malware installed on your system."
echo "Affected packages:"
if [[ "${malarray[*]}" == "" ]]
then
  echo "You have 0 packages that are affected."
else
  # Print every matched package@version entry.
  echo "${malarray[*]}"
fi
# echo "${malarray[*]}"
echo "_______"
echo ""
echo "For more info: The blog containing the list of affected packages can be found at:"
echo "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages"
echo "============================"