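# Scans the current directory tree and the global npm prefix for references to
# a list of suspicious npm authors/packages, and writes every hit to a report.
#
# Triage notes:
#   * Matching is by name only, as a case-insensitive substring. A hit means
#     "look closer", not "compromised": short terms also match unrelated text
#     (e.g. "operato" matches "operator"). Compare the installed versions
#     against the advisory you are working from before drawing conclusions.
#   * A clean report only covers what could be read. Skipped checks are
#     written to the report so that a missing npm is not mistaken for a pass.

# List of suspicious authors/packages to check for
$authors = @(
    "art-ws",
    "ahmedhfarag",
    "rxap",
    "crowdstrike",
    "ctrl",
    "hestjs",
    "nativescript-community",
    "nexe",
    "operato",
    "nstudio",
    "teselagen",
    "thangved",
    # NOTE(review): looks truncated (possibly "things-factory"); as a substring
    # it still matches that spelling. Confirm against the advisory.
    "hings-factory",
    "nf-dev",
    "ui-ux-gang",
    "yoobic",
    "N/A"
    # add the rest here...
)

# "N/A" is a placeholder rather than a name; searching for it only adds noise.
$searchTerms = @($authors | Where-Object { $_ -ne "N/A" })

# Escape each term so it is matched literally, then OR them into one regex.
# Select-String is case-insensitive by default.
$pattern = ($searchTerms | ForEach-Object { [regex]::Escape($_) }) -join "|"

$outFile = "npm-scan-results.txt"

# Without npm the two "npm ls" checks cannot run. Detect that up front instead
# of letting an empty catch block hide it.
$npmAvailable = [bool](Get-Command npm -ErrorAction SilentlyContinue)
$npmMissingNote = "npm was not found on PATH; this check was SKIPPED."

"=== NPM Security Scan Results ($(Get-Date)) ===" | Out-File $outFile

"--- Checking package-lock.json files ---" | Out-File $outFile -Append
Get-ChildItem -Recurse -Filter "package-lock.json" | ForEach-Object {
    $lockFile = $_.FullName
    # -LiteralPath: paths containing [ or ] must not be treated as wildcards.
    # $hits rather than $matches: $matches is a PowerShell automatic variable.
    $hits = Select-String -LiteralPath $lockFile -Pattern $pattern
    if ($hits) {
        "Found in: $lockFile" | Out-File $outFile -Append
        $hits | ForEach-Object { $_.Line } | Out-File $outFile -Append
        "" | Out-File $outFile -Append
    }
}

"--- Checking node_modules directories ---" | Out-File $outFile -Append
if (-not $npmAvailable) {
    $npmMissingNote | Out-File $outFile -Append
} else {
    Get-ChildItem -Recurse -Directory -Filter "node_modules" | ForEach-Object {
        $path = $_.FullName
        # npm's --prefix expects the project directory that contains
        # node_modules, not the node_modules directory itself.
        $projectDir = Split-Path -Parent $path
        try {
            # npm ls exits non-zero on an unhealthy tree but still prints it;
            # stderr is dropped and only matching stdout lines are kept.
            $result = npm ls --prefix $projectDir --all 2>$null |
                Select-String -Pattern $pattern |
                ForEach-Object { $_.Line }
            if ($result) {
                "Found in node_modules at: $path" | Out-File $outFile -Append
                $result | Out-File $outFile -Append
                "" | Out-File $outFile -Append
            }
        } catch {
            # Best effort: record the failure so this directory is not
            # silently counted as clean.
            "Could not run npm ls for: $path" | Out-File $outFile -Append
        }
    }
}

"--- Checking global npm installs ---" | Out-File $outFile -Append
if (-not $npmAvailable) {
    $npmMissingNote | Out-File $outFile -Append
} else {
    try {
        $global = npm ls -g --depth=0 2>$null |
            Select-String -Pattern $pattern |
            ForEach-Object { $_.Line }
        if ($global) {
            "Found in GLOBAL npm installs:" | Out-File $outFile -Append
            $global | Out-File $outFile -Append
        }
    } catch {
        "Could not run npm ls -g." | Out-File $outFile -Append
    }
}

"=== Scan Complete ===" | Out-File $outFile -Append
Write-Host "Scan complete. Results saved to $outFile"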