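# Names to look for in lockfiles and in `npm ls` output.
#
# The checks further down treat every entry as a case-insensitive substring,
# so a hit only says "this text appears on a line". It does not say that a
# compromised version is installed. Compare the reported package versions
# against the advisory this list was taken from before acting on a hit, and
# expect short entries such as "ctrl" to produce unrelated matches.
#
# The "N/A" placeholder from the original list is deliberately not included:
# every entry becomes a live search term, and a placeholder only adds noise.
$authors = @(
    "art-ws",
    "ahmedhfarag",
    "rxap",
    "crowdstrike",
    "ctrl",
    "hestjs",
    "nativescript-community",
    "nexe",
    "operato",
    "nstudio",
    "teselagen",
    "thangved",
    # NOTE(review): looks like a truncated "things-factory" - confirm against
    # the advisory. As a substring it still matches the longer name.
    "hings-factory",
    "nf-dev",
    "ui-ux-gang",
    "yoobic"
    # add the rest here...
)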
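# Report file, written to the current directory. The first Out-File call has
# no -Append, so each run starts a fresh report.
$outFile = "npm-scan-results.txt"
"=== NPM Security Scan Results ($(Get-Date)) ===" | Out-File $outFile

# --- Lockfile check ---------------------------------------------------------
# Search every package-lock.json below the current directory for any of the
# names in $authors and copy the matching lines into the report.
"--- Checking package-lock.json files ---" | Out-File $outFile -Append

$lockFiles = @(Get-ChildItem -Recurse -File -Filter "package-lock.json")
foreach ($lockFile in $lockFiles) {
    # -LiteralPath: a project path containing [ or ] would otherwise be read
    #   as a wildcard pattern and the file would be silently skipped.
    # -SimpleMatch with the array: each name is matched literally, so nothing
    #   in the list can be misread as regex syntax.
    # $hits rather than $matches: $matches is a PowerShell automatic variable
    #   (filled in by -match) and should not be assigned to.
    $hits = Select-String -LiteralPath $lockFile.FullName -Pattern $authors -SimpleMatch
    if ($hits) {
        "Found in: $($lockFile.FullName)" | Out-File $outFile -Append
        $hits | ForEach-Object { $_.Line } | Out-File $outFile -Append
        "" | Out-File $outFile -Append
    }
}

# Record coverage so an empty section can be told apart from a scan that was
# started in the wrong directory and found no lockfiles at all.
"Lockfiles scanned: $($lockFiles.Count)" | Out-File $outFile -Append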
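# --- Installed dependency trees ----------------------------------------------
# For every project below the current directory that has a node_modules
# folder, list the installed tree with `npm ls --all` and report lines that
# contain any of the names in $authors.
"--- Checking node_modules directories ---" | Out-File $outFile -Append

Get-ChildItem -Recurse -Directory -Filter "node_modules" |
    # Only top-level node_modules folders: nested ones are already covered by
    # `npm ls --all` on the project that owns them.
    Where-Object { $_.Parent -and $_.Parent.FullName -notmatch '[\\/]node_modules([\\/]|$)' } |
    ForEach-Object {
        $path = $_.FullName
        # --prefix expects the project root (the folder that contains
        # node_modules). Pointing it at node_modules itself makes npm list an
        # empty tree, so the check could never report anything.
        $projectRoot = $_.Parent.FullName
        try {
            $result = npm ls --prefix $projectRoot --all 2>$null |
                Select-String -Pattern $authors -SimpleMatch |
                ForEach-Object { $_.Line }
            $npmExit = $LASTEXITCODE

            if ($result) {
                "Found in node_modules at: $path" | Out-File $outFile -Append
                $result | Out-File $outFile -Append
                "" | Out-File $outFile -Append
            }
            elseif ($npmExit -ne 0) {
                # npm ls also exits non-zero for dependency problems while
                # still printing a tree, so this is a note rather than an
                # error: the listing that was searched may be incomplete.
                "No match, but npm ls exited with code $npmExit for: $projectRoot" | Out-File $outFile -Append
            }
        }
        catch {
            # A scan that could not run must not look like a clean result:
            # record the failure instead of discarding it.
            "Could not run npm ls for: $projectRoot ($($_.Exception.Message))" | Out-File $outFile -Append
        }
    }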
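# --- Globally installed packages ---------------------------------------------
# List the global npm tree and report lines that contain any of the names in
# $authors.
"--- Checking global npm installs ---" | Out-File $outFile -Append

try {
    # --all instead of --depth=0: with depth 0 only the top-level global
    # packages are listed, so a listed name pulled in as a dependency of a
    # global tool would be missed. This also matches the per-project check.
    $global = npm ls -g --all 2>$null |
        Select-String -Pattern $authors -SimpleMatch |
        ForEach-Object { $_.Line }
    $npmExit = $LASTEXITCODE

    if ($global) {
        "Found in GLOBAL npm installs:" | Out-File $outFile -Append
        $global | Out-File $outFile -Append
    }
    elseif ($npmExit -ne 0) {
        # Non-zero exit with no match: the listing that was searched may be
        # incomplete, so say so in the report.
        "No match, but npm ls -g exited with code $npmExit" | Out-File $outFile -Append
    }
}
catch {
    # For example, npm is not on PATH. Record it so the empty section is not
    # mistaken for a clean result.
    "Could not run npm ls -g ($($_.Exception.Message))" | Out-File $outFile -Append
}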
# Close the report with a footer, then tell the operator where it was written.
Out-File -FilePath $outFile -Append -InputObject "=== Scan Complete ==="
Write-Host "Scan complete. Results saved to $outFile"