sunnysideup/scan-for-bad-npm-packages

Latest stable version: 1.1.0

Composer install command:

composer require sunnysideup/scan-for-bad-npm-packages

Package description

Scans for Shai Hulud and other bad npm packages. USE AT YOUR OWN RISK!

README

This is just a bit of a hack right now; nothing useful yet. Please use at your own risk!!!

tl;dr

Scans for possible “shai hulud” attacks using an external source for list of possible attack strings (file or URL) via --list <path|url>.

Scans recursively for package.json (excluding node_modules) and checks:

  • Installed version in node_modules
  • Requested spec in package.json (strips ^/~)
  • Lockfiles in the same project dir: package-lock.json, npm-shrinkwrap.json, yarn.lock (classic & berry), pnpm-lock.yaml

Outputs TSV: STATUS PACKAGE@VERSION PATH.
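To make the tl;dr concrete, here is an added illustration in Python of the three checks and the TSV output described above. It is not the project's own run.sh (whose exact checks and output may differ). It assumes the --list file holds one name@version per line, builds a constructed sample project with made-up package names (left-pad-demo, @acme-demo/evil-helper), and parses yarn.lock and pnpm-lock.yaml with simplified regexes rather than full lockfile parsers.

```python
import json
import re
import tempfile
from pathlib import Path

# Constructed indicator list in the "name@version" form assumed for --list; not real indicators.
BAD_LIST = """# constructed sample list
left-pad-demo@1.3.0
@acme-demo/evil-helper@2.0.1
"""

LOCKFILES = ("package-lock.json", "npm-shrinkwrap.json", "yarn.lock", "pnpm-lock.yaml")


def parse_bad_list(text):
    """Return a set of (name, version) pairs; rpartition keeps scoped names like @scope/pkg intact."""
    bad = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, version = line.rpartition("@")
            bad.add((name, version))
    return bad


def lock_versions(lock):
    """Yield (name, version) pairs from one lockfile (simplified parsing, an assumption of this example)."""
    text = lock.read_text()
    if lock.name in ("package-lock.json", "npm-shrinkwrap.json"):
        data = json.loads(text)
        for key, meta in data.get("packages", {}).items():        # lockfile v2/v3 layout
            if key.startswith("node_modules/") and "version" in meta:
                yield key.rsplit("node_modules/", 1)[1], meta["version"]
        for name, meta in data.get("dependencies", {}).items():    # lockfile v1 layout
            if "version" in meta:
                yield name, meta["version"]
    elif lock.name == "yarn.lock":
        # classic: left-pad@^1.3.0:\n  version "1.3.0"    berry: "left-pad@npm:^1.3.0":\n  version: 1.3.0
        for m in re.finditer(r'^"?(@?[^@"\s]+)@[^\n]*\n\s+version:? "?([^"\n]+)"?', text, re.M):
            yield m.group(1), m.group(2).strip()
    elif lock.name == "pnpm-lock.yaml":
        # v6: "  /left-pad@1.3.0:"    v9: "  left-pad@1.3.0:" or "  '@scope/pkg@2.0.1':"
        for m in re.finditer(r"""^\s+['"]?/?(@?[^@\s/'"]+(?:/[^@\s'"]+)?)@(\d[^:('"\s]*)""", text, re.M):
            yield m.group(1), m.group(2)


def scan_project(pkg_json, bad):
    """Run the three checks for one package.json; return TSV rows STATUS<TAB>NAME@VERSION<TAB>PATH."""
    proj = pkg_json.parent
    rows = []

    def flag(status, name, version, path):
        if (name, version) in bad:
            rows.append(f"{status}\t{name}@{version}\t{path}")

    # 1. Installed version: read every node_modules/<pkg>/package.json (scoped packages too).
    installed = list(proj.glob("node_modules/*/package.json")) + list(proj.glob("node_modules/@*/*/package.json"))
    for pj in installed:
        meta = json.loads(pj.read_text())
        flag("INSTALLED", meta.get("name", pj.parent.name), meta.get("version", ""), pj)

    # 2. Requested spec: strip ^ and ~ so "^1.3.0" is compared as "1.3.0".
    data = json.loads(pkg_json.read_text())
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in data.get(section, {}).items():
            flag("REQUESTED", name, spec.lstrip("^~"), pkg_json)

    # 3. Lockfiles sitting next to the package.json.
    for lock in (proj / n for n in LOCKFILES):
        if lock.is_file():
            for name, version in lock_versions(lock):
                flag("LOCKFILE", name, version, lock)
    return rows


def scan_tree(root, bad):
    """Walk recursively for package.json files, skipping anything inside node_modules."""
    rows = []
    for pkg_json in sorted(root.rglob("package.json")):
        if "node_modules" not in pkg_json.relative_to(root).parts:
            rows.extend(scan_project(pkg_json, bad))
    return rows


def build_sample_tree(root):
    """Write a constructed project (sample data, not a real install) under root."""
    proj = root / "app"
    mod = proj / "node_modules" / "left-pad-demo"
    mod.mkdir(parents=True)
    (mod / "package.json").write_text(json.dumps({"name": "left-pad-demo", "version": "1.3.0"}))
    (proj / "package.json").write_text(json.dumps({
        "name": "app",
        "dependencies": {"left-pad-demo": "^1.3.0", "@acme-demo/evil-helper": "~2.0.1"}}))
    (proj / "package-lock.json").write_text(json.dumps(
        {"packages": {"node_modules/left-pad-demo": {"version": "1.3.0"}}}))
    (proj / "yarn.lock").write_text('"@acme-demo/evil-helper@npm:~2.0.1":\n  version: 2.0.1\n')
    (proj / "pnpm-lock.yaml").write_text("packages:\n  /left-pad-demo@1.3.0:\n    resolution: {}\n")
    return proj


def demo():
    """Build the sample tree in a temp dir, scan it, and return the TSV rows with the temp path masked."""
    bad = parse_bad_list(BAD_LIST)
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        return [row.replace(tmp, "<tmp>") for row in scan_tree(Path(tmp), bad)]


if __name__ == "__main__":
    print("\n".join(demo()))
```

Running the block prints six rows: one INSTALLED hit, two REQUESTED hits, and one LOCKFILE hit from each of package-lock.json, yarn.lock and pnpm-lock.yaml, so the same bad version is reported once per place it appears, which is what lets you see whether a cleanup of node_modules alone would leave the dependency to be reinstalled from a lockfile.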

how to run

check first

run first (CAREFUL!!!!)

# clean npm cache
npm cache clean --force
# remove every node_modules folder that contains a file changed since September 2025
# (-prune stops find from descending into a folder this command has just deleted;
#  -print is required before -quit, since -quit alone prints nothing and grep would never match)
sudo find / -type d -name 'node_modules' -prune \
  -exec bash -c '
    if find "$1" -type f -newermt "2025-09-01" -print -quit | grep -q .; then
      rm -rf "$1"
      echo "Deleted: $1"
    fi
  ' _ {} \;

scan your computer

# Ensure temp dir exists
mkdir -p /var/www/tmp

cd /var/www/tmp
# Clone repository (remove old copy first)
rm -rf scan-for-bad-npm-packages
git clone https://github.com/sunnysideup/scan-for-bad-npm-packages.git scan-for-bad-npm-packages

sudo bash scan-for-bad-npm-packages/run.sh

Ideally, you would run this on your whole machine.

Also do

Check your github account for any untoward changes.

Also see

Statistics

  • Total downloads: 0
  • Monthly downloads: 0
  • Daily downloads: 0
  • Favorites: 0
  • Views: 0
  • Dependent projects: 0
  • Recommendations: 0

GitHub information

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • Language: Shell

Other information

  • License: MIT
  • Last updated: 2025-09-19