-
-
Save KorvinSzanto/df9f456f788f4182c106de273f8b82c8 to your computer and use it in GitHub Desktop.
[Updated 24 Nov 2025] Deep scan for bad NPM packages nested across projects - DFIR for Shai-Hulud cyberattack, Sep-Nov 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @accordproject/concerto-analysis | |
| @accordproject/concerto-linter | |
| @accordproject/concerto-linter-default-ruleset | |
| @accordproject/concerto-metamodel | |
| @accordproject/concerto-types | |
| @accordproject/markdown-it-cicero | |
| @accordproject/template-engine | |
| @actbase/css-to-react-native-transform | |
| @actbase/native | |
| @actbase/node-server | |
| @actbase/react-absolute | |
| @actbase/react-daum-postcode | |
| @actbase/react-kakaosdk | |
| @actbase/react-native-actionsheet | |
| @actbase/react-native-devtools | |
| @actbase/react-native-fast-image | |
| @actbase/react-native-kakao-channel | |
| @actbase/react-native-kakao-navi | |
| @actbase/react-native-less-transformer | |
| @actbase/react-native-naver-login | |
| @actbase/react-native-simple-video | |
| @actbase/react-native-tiktok | |
| @ahmedhfarag/ngx-perfect-scrollbar | |
| @ahmedhfarag/ngx-virtual-scroller | |
| @alaan/s2s-auth | |
| @alexcolls/nuxt-socket.io | |
| @alexcolls/nuxt-ux | |
| @antstackio/eslint-config-antstack | |
| @antstackio/express-graphql-proxy | |
| @antstackio/graphql-body-parser | |
| @antstackio/json-to-graphql | |
| @antstackio/shelbysam | |
| @art-ws/common | |
| @art-ws/config-eslint | |
| @art-ws/config-ts | |
| @art-ws/db-context | |
| @art-ws/di | |
| @art-ws/di-node | |
| @art-ws/eslint | |
| @art-ws/fastify-http-server | |
| @art-ws/http-server | |
| @art-ws/openapi | |
| @art-ws/package-base | |
| @art-ws/prettier | |
| @art-ws/slf | |
| @art-ws/ssl-info | |
| @art-ws/web-app | |
| @aryanhussain/my-angular-lib | |
| @asyncapi/avro-schema-parser | |
| @asyncapi/bundler | |
| @asyncapi/cli | |
| @asyncapi/converter | |
| @asyncapi/diff | |
| @asyncapi/dotnet-rabbitmq-template | |
| @asyncapi/edavisualiser | |
| @asyncapi/generator | |
| @asyncapi/generator-components | |
| @asyncapi/generator-helpers | |
| @asyncapi/generator-react-sdk | |
| @asyncapi/go-watermill-template | |
| @asyncapi/html-template | |
| @asyncapi/java-spring-cloud-stream-template | |
| @asyncapi/java-spring-template | |
| @asyncapi/java-template | |
| @asyncapi/keeper | |
| @asyncapi/markdown-template | |
| @asyncapi/modelina | |
| @asyncapi/modelina-cli | |
| @asyncapi/multi-parser | |
| @asyncapi/nodejs-template | |
| @asyncapi/nodejs-ws-template | |
| @asyncapi/nunjucks-filters | |
| @asyncapi/openapi-schema-parser | |
| @asyncapi/optimizer | |
| @asyncapi/parser | |
| @asyncapi/php-template | |
| @asyncapi/problem | |
| @asyncapi/protobuf-schema-parser | |
| @asyncapi/python-paho-template | |
| @asyncapi/react-component | |
| @asyncapi/server-api | |
| @asyncapi/specs | |
| @asyncapi/studio | |
| @asyncapi/web-component | |
| @basic-ui-components-stc/basic-ui-components | |
| @browserbasehq/bb9 | |
| @browserbasehq/director-ai | |
| @browserbasehq/mcp | |
| @browserbasehq/mcp-server-browserbase | |
| @browserbasehq/sdk-functions | |
| @browserbasehq/stagehand | |
| @browserbasehq/stagehand-docs | |
| @caretive/caret-cli | |
| @clausehq/flows-step-httprequest | |
| @clausehq/flows-step-jsontoxml | |
| @clausehq/flows-step-mqtt | |
| @clausehq/flows-step-sendgridemail | |
| @clausehq/flows-step-taskscreateurl | |
| @commute/bloom | |
| @commute/market-data | |
| @commute/market-data-chartjs | |
| @coveops/abi | |
| @crowdstrike/commitlint | |
| @crowdstrike/falcon-shoelace | |
| @crowdstrike/foundry-js | |
| @crowdstrike/glide-core | |
| @crowdstrike/logscale-dashboard | |
| @crowdstrike/logscale-file-editor | |
| @crowdstrike/logscale-parser-edit | |
| @crowdstrike/logscale-search | |
| @crowdstrike/tailwind-toucan-base | |
| @ctrl/deluge | |
| @ctrl/golang-template | |
| @ctrl/magnet-link | |
| @ctrl/ngx-codemirror | |
| @ctrl/ngx-csv | |
| @ctrl/ngx-emoji-mart | |
| @ctrl/ngx-rightclick | |
| @ctrl/qbittorrent | |
| @ctrl/react-adsense | |
| @ctrl/shared-torrent | |
| @ctrl/tinycolor | |
| @ctrl/torrent-file | |
| @ctrl/transmission | |
| @ctrl/ts-base32 | |
| @dev-blinq/ai-qa-logic | |
| @dev-blinq/cucumber_client | |
| @dev-blinq/cucumber-js | |
| @dev-blinq/ui-systems | |
| @duckdb/duckdb-wasm | |
| @duckdb/node-api | |
| @duckdb/node-bindings | |
| @ensdomains/address-encoder | |
| @ensdomains/blacklist | |
| @ensdomains/buffer | |
| @ensdomains/ccip-read-cf-worker | |
| @ensdomains/ccip-read-dns-gateway | |
| @ensdomains/ccip-read-router | |
| @ensdomains/ccip-read-worker-viem | |
| @ensdomains/content-hash | |
| @ensdomains/curvearithmetics | |
| @ensdomains/cypress-metamask | |
| @ensdomains/dnsprovejs | |
| @ensdomains/dnssec-oracle-anchors | |
| @ensdomains/dnssecoraclejs | |
| @ensdomains/durin | |
| @ensdomains/durin-middleware | |
| @ensdomains/ens-archived-contracts | |
| @ensdomains/ens-avatar | |
| @ensdomains/ens-contracts | |
| @ensdomains/ens-test-env | |
| @ensdomains/ens-validation | |
| @ensdomains/ensjs | |
| @ensdomains/ensjs-react | |
| @ensdomains/eth-ens-namehash | |
| @ensdomains/hackathon-registrar | |
| @ensdomains/hardhat-chai-matchers-viem | |
| @ensdomains/hardhat-toolbox-viem-extended | |
| @ensdomains/mock | |
| @ensdomains/name-wrapper | |
| @ensdomains/offchain-resolver-contracts | |
| @ensdomains/op-resolver-contracts | |
| @ensdomains/react-ens-address | |
| @ensdomains/renewal | |
| @ensdomains/renewal-widget | |
| @ensdomains/reverse-records | |
| @ensdomains/server-analytics | |
| @ensdomains/solsha1 | |
| @ensdomains/subdomain-registrar | |
| @ensdomains/test-utils | |
| @ensdomains/thorin | |
| @ensdomains/ui | |
| @ensdomains/unicode-confusables | |
| @ensdomains/unruggable-gateways | |
| @ensdomains/vite-plugin-i18next-loader | |
| @ensdomains/web3modal | |
| @everreal/react-charts | |
| @everreal/validate-esmoduleinterop-imports | |
| @everreal/web-analytics | |
| @faq-component/core | |
| @faq-component/react | |
| @fishingbooker/browser-sync-plugin | |
| @fishingbooker/react-loader | |
| @fishingbooker/react-pagination | |
| @fishingbooker/react-raty | |
| @fishingbooker/react-swiper | |
| @hapheus/n8n-nodes-pgp | |
| @hestjs/core | |
| @hestjs/cqrs | |
| @hestjs/demo | |
| @hestjs/eslint-config | |
| @hestjs/logger | |
| @hestjs/scalar | |
| @hestjs/validation | |
| @hover-design/core | |
| @hover-design/react | |
| @ifelsedeveloper/protocol-contracts-svm-idl | |
| @ifings/design-system | |
| @ifings/metatron3 | |
| @kvytech/cli | |
| @kvytech/components | |
| @kvytech/habbit-e2e-test | |
| @kvytech/medusa-plugin-announcement | |
| @kvytech/medusa-plugin-management | |
| @kvytech/medusa-plugin-newsletter | |
| @kvytech/medusa-plugin-product-reviews | |
| @kvytech/medusa-plugin-promotion | |
| @kvytech/web | |
| @lessondesk/api-client | |
| @lessondesk/babel-preset | |
| @lessondesk/electron-group-api-client | |
| @lessondesk/eslint-config | |
| @lessondesk/material-icons | |
| @lessondesk/react-table-context | |
| @lessondesk/schoolbus | |
| @livecms/live-edit | |
| @livecms/nuxt-live-edit | |
| @louisle2/core | |
| @louisle2/cortex-js | |
| @lpdjs/firestore-repo-service | |
| @markvivanco/app-version-checker | |
| @mcp-use/cli | |
| @mcp-use/inspector | |
| @mcp-use/mcp-use | |
| @mparpaillon/connector-parse | |
| @mparpaillon/imagesloaded | |
| @mparpaillon/page | |
| @nativescript-community/arraybuffers | |
| @nativescript-community/gesturehandler | |
| @nativescript-community/perms | |
| @nativescript-community/push | |
| @nativescript-community/sentry | |
| @nativescript-community/sqlite | |
| @nativescript-community/text | |
| @nativescript-community/typeorm | |
| @nativescript-community/ui-collectionview | |
| @nativescript-community/ui-document-picker | |
| @nativescript-community/ui-drawer | |
| @nativescript-community/ui-image | |
| @nativescript-community/ui-label | |
| @nativescript-community/ui-material-activityindicator | |
| @nativescript-community/ui-material-bottom-navigation | |
| @nativescript-community/ui-material-bottomnavigationbar | |
| @nativescript-community/ui-material-bottomsheet | |
| @nativescript-community/ui-material-button | |
| @nativescript-community/ui-material-cardview | |
| @nativescript-community/ui-material-core | |
| @nativescript-community/ui-material-core-tabs | |
| @nativescript-community/ui-material-dialogs | |
| @nativescript-community/ui-material-floatingactionbutton | |
| @nativescript-community/ui-material-progress | |
| @nativescript-community/ui-material-ripple | |
| @nativescript-community/ui-material-slider | |
| @nativescript-community/ui-material-snackbar | |
| @nativescript-community/ui-material-tabs | |
| @nativescript-community/ui-material-textfield | |
| @nativescript-community/ui-material-textview | |
| @nativescript-community/ui-pager | |
| @nativescript-community/ui-pulltorefresh | |
| @nexe/config-manager | |
| @nexe/eslint-config | |
| @nexe/logger | |
| @nstudio/angular | |
| @nstudio/focus | |
| @nstudio/nativescript-checkbox | |
| @nstudio/nativescript-loading-indicator | |
| @nstudio/ui-collectionview | |
| @nstudio/web | |
| @nstudio/web-angular | |
| @nstudio/xplat | |
| @nstudio/xplat-utils | |
| @ntnx/passport-wso2 | |
| @ntnx/t | |
| @operato/board | |
| @operato/data-grist | |
| @operato/graphql | |
| @operato/headroom | |
| @operato/help | |
| @operato/i18n | |
| @operato/input | |
| @operato/layout | |
| @operato/popup | |
| @operato/pull-to-refresh | |
| @operato/shell | |
| @operato/styles | |
| @operato/utils | |
| @orbitgtbelgium/mapbox-gl-draw-cut-polygon-mode | |
| @orbitgtbelgium/mapbox-gl-draw-scale-rotate-mode | |
| @orbitgtbelgium/orbit-components | |
| @orbitgtbelgium/time-slider | |
| @osmanekrem/bmad | |
| @osmanekrem/error-handler | |
| @posthog/agent | |
| @posthog/ai | |
| @posthog/automatic-cohorts-plugin | |
| @posthog/cli | |
| @posthog/clickhouse | |
| @posthog/core | |
| @posthog/currency-normalization-plugin | |
| @posthog/customerio-plugin | |
| @posthog/databricks-plugin | |
| @posthog/drop-events-on-property-plugin | |
| @posthog/event-sequence-timer-plugin | |
| @posthog/first-time-event-tracker | |
| @posthog/geoip-plugin | |
| @posthog/github-release-tracking-plugin | |
| @posthog/gitub-star-sync-plugin | |
| @posthog/heartbeat-plugin | |
| @posthog/hedgehog-mode | |
| @posthog/icons | |
| @posthog/ingestion-alert-plugin | |
| @posthog/intercom-plugin | |
| @posthog/kinesis-plugin | |
| @posthog/laudspeaker-plugin | |
| @posthog/lemon-ui | |
| @posthog/maxmind-plugin | |
| @posthog/migrator3000-plugin | |
| @posthog/netdata-event-processing | |
| @posthog/nextjs | |
| @posthog/nextjs-config | |
| @posthog/nuxt | |
| @posthog/pagerduty-plugin | |
| @posthog/piscina | |
| @posthog/plugin-contrib | |
| @posthog/plugin-server | |
| @posthog/plugin-unduplicates | |
| @posthog/react-rrweb-player | |
| @posthog/rrdom | |
| @posthog/rrweb | |
| @posthog/rrweb-player | |
| @posthog/rrweb-record | |
| @posthog/rrweb-replay | |
| @posthog/rrweb-snapshot | |
| @posthog/rrweb-utils | |
| @posthog/sendgrid-plugin | |
| @posthog/siphash | |
| @posthog/snowflake-export-plugin | |
| @posthog/taxonomy-plugin | |
| @posthog/twilio-plugin | |
| @posthog/twitter-followers-plugin | |
| @posthog/url-normalizer-plugin | |
| @posthog/variance-plugin | |
| @posthog/web-dev-server | |
| @posthog/wizard | |
| @posthog/zendesk-plugin | |
| @postman/aether-icons | |
| @postman/csv-parse | |
| @postman/final-node-keytar | |
| @postman/mcp-ui-client | |
| @postman/node-keytar | |
| @postman/pm-bin-linux-x64 | |
| @postman/pm-bin-macos-arm64 | |
| @postman/pm-bin-macos-x64 | |
| @postman/pm-bin-windows-x64 | |
| @postman/postman-collection-fork | |
| @postman/postman-mcp-cli | |
| @postman/postman-mcp-server | |
| @postman/pretty-ms | |
| @postman/secret-scanner-wasm | |
| @postman/tunnel-agent | |
| @postman/wdio-allure-reporter | |
| @postman/wdio-junit-reporter | |
| @pradhumngautam/common-app | |
| @pruthvi21/use-debounce | |
| @quick-start-soft/quick-document-translator | |
| @quick-start-soft/quick-git-clean-markdown | |
| @quick-start-soft/quick-markdown | |
| @quick-start-soft/quick-markdown-compose | |
| @quick-start-soft/quick-markdown-image | |
| @quick-start-soft/quick-markdown-print | |
| @quick-start-soft/quick-markdown-translator | |
| @quick-start-soft/quick-remove-image-background | |
| @quick-start-soft/quick-task-refine | |
| @relyt/claude-context-core | |
| @relyt/claude-context-mcp | |
| @relyt/mcp-server-relytone | |
| @rxap/ngx-bootstrap | |
| @seezo/sdr-mcp-server | |
| @seung-ju/next | |
| @seung-ju/openapi-generator | |
| @seung-ju/react-hooks | |
| @seung-ju/react-native-action-sheet | |
| @sme-ui/aoma-vevasound-metadata-lib | |
| @strapbuild/react-native-date-time-picker | |
| @strapbuild/react-native-perspective-image-cropper | |
| @strapbuild/react-native-perspective-image-cropper-2 | |
| @strapbuild/react-native-perspective-image-cropper-poojan31 | |
| @suraj_h/medium-common | |
| @teselagen/bio-parsers | |
| @teselagen/bounce-loader | |
| @teselagen/file-utils | |
| @teselagen/liquibase-tools | |
| @teselagen/ove | |
| @teselagen/range-utils | |
| @teselagen/react-list | |
| @teselagen/react-table | |
| @teselagen/sequence-utils | |
| @teselagen/ui | |
| @thangved/callback-window | |
| @thedelta/eslint-config | |
| @things-factory/attachment-base | |
| @things-factory/auth-base | |
| @things-factory/email-base | |
| @things-factory/env | |
| @things-factory/integration-base | |
| @things-factory/integration-marketplace | |
| @things-factory/shell | |
| @tiaanduplessis/json | |
| @tiaanduplessis/react-progressbar | |
| @tnf-dev/api | |
| @tnf-dev/core | |
| @tnf-dev/js | |
| @tnf-dev/mui | |
| @tnf-dev/react | |
| @trefox/sleekshop-js | |
| @trigo/atrix | |
| @trigo/atrix-acl | |
| @trigo/atrix-elasticsearch | |
| @trigo/atrix-mongoose | |
| @trigo/atrix-orientdb | |
| @trigo/atrix-postgres | |
| @trigo/atrix-pubsub | |
| @trigo/atrix-redis | |
| @trigo/atrix-soap | |
| @trigo/atrix-swagger | |
| @trigo/bool-expressions | |
| @trigo/eslint-config-trigo | |
| @trigo/fsm | |
| @trigo/hapi-auth-signedlink | |
| @trigo/jsdt | |
| @trigo/keycloak-api | |
| @trigo/node-soap | |
| @trigo/pathfinder-ui-css | |
| @trigo/trigo-hapijs | |
| @trpc-rate-limiter/cloudflare | |
| @trpc-rate-limiter/hono | |
| @ui-ux-gang/devextreme-angular-rpk | |
| @ui-ux-gang/devextreme-rpk | |
| @varsityvibe/api-client | |
| @varsityvibe/utils | |
| @varsityvibe/validation-schemas | |
| @vishadtyagi/full-year-calendar | |
| @voiceflow/alexa-types | |
| @voiceflow/anthropic | |
| @voiceflow/api-sdk | |
| @voiceflow/backend-utils | |
| @voiceflow/base-types | |
| @voiceflow/body-parser | |
| @voiceflow/chat-types | |
| @voiceflow/circleci-config-sdk-orb-import | |
| @voiceflow/commitlint-config | |
| @voiceflow/common | |
| @voiceflow/default-prompt-wrappers | |
| @voiceflow/dependency-cruiser-config | |
| @voiceflow/dtos-interact | |
| @voiceflow/encryption | |
| @voiceflow/eslint-config | |
| @voiceflow/eslint-plugin | |
| @voiceflow/exception | |
| @voiceflow/fetch | |
| @voiceflow/general-types | |
| @voiceflow/git-branch-check | |
| @voiceflow/google-dfes-types | |
| @voiceflow/google-types | |
| @voiceflow/husky-config | |
| @voiceflow/logger | |
| @voiceflow/metrics | |
| @voiceflow/natural-language-commander | |
| @voiceflow/nestjs-common | |
| @voiceflow/nestjs-mongodb | |
| @voiceflow/nestjs-rate-limit | |
| @voiceflow/nestjs-redis | |
| @voiceflow/nestjs-timeout | |
| @voiceflow/npm-package-json-lint-config | |
| @voiceflow/openai | |
| @voiceflow/pino | |
| @voiceflow/pino-pretty | |
| @voiceflow/prettier-config | |
| @voiceflow/react-chat | |
| @voiceflow/runtime | |
| @voiceflow/runtime-client-js | |
| @voiceflow/sdk-runtime | |
| @voiceflow/secrets-provider | |
| @voiceflow/semantic-release-config | |
| @voiceflow/serverless-plugin-typescript | |
| @voiceflow/slate-serializer | |
| @voiceflow/stitches-react | |
| @voiceflow/storybook-config | |
| @voiceflow/stylelint-config | |
| @voiceflow/test-common | |
| @voiceflow/tsconfig | |
| @voiceflow/tsconfig-paths | |
| @voiceflow/utils-designer | |
| @voiceflow/verror | |
| @voiceflow/vite-config | |
| @voiceflow/vitest-config | |
| @voiceflow/voice-types | |
| @voiceflow/voiceflow-types | |
| @voiceflow/widget | |
| @yoobic/design-system | |
| @yoobic/jpeg-camera-es6 | |
| @yoobic/yobi | |
| @zapier/ai-actions | |
| @zapier/ai-actions-react | |
| @zapier/babel-preset-zapier | |
| @zapier/browserslist-config-zapier | |
| @zapier/eslint-plugin-zapier | |
| @zapier/mcp-integration | |
| @zapier/secret-scrubber | |
| @zapier/spectral-api-ruleset | |
| @zapier/stubtree | |
| @zapier/zapier-sdk | |
| 02-echo | |
| ace-colorpicker-rpk | |
| ai-crowl-shield | |
| airchief | |
| airpilot | |
| angulartics2 | |
| another-shai | |
| ansi-regex | |
| ansi-styles | |
| arc-cli-fc | |
| asyncapi-preview | |
| atrix | |
| atrix-mongoose | |
| automation_model | |
| axios-builder | |
| axios-cancelable | |
| axios-timed | |
| backslash | |
| barebones-css | |
| benmostyn-frame-print | |
| bestgpiocontroller | |
| bidirectional-adapter | |
| blinqio-executions-cli | |
| blob-to-base64 | |
| bool-expressions | |
| browser-webdriver-downloader | |
| bun-plugin-httpfile | |
| bytecode-checker-cli | |
| bytes-to-x | |
| calc-loan-interest | |
| capacitor-notificationhandler | |
| capacitor-plugin-apptrackingios | |
| capacitor-plugin-healthapp | |
| capacitor-plugin-ihealth | |
| capacitor-plugin-purchase | |
| capacitor-plugin-scgssigninwithgoogle | |
| capacitor-plugin-vonage | |
| capacitor-purchase-history | |
| capacitor-voice-recorder-wav | |
| capacitorandroidpermissions | |
| chalk | |
| chalk-template | |
| chrome-extension-downloads | |
| claude-token-updater | |
| coinmarketcap-api | |
| color-convert | |
| color-name | |
| color-string | |
| colors-regex | |
| command-irail | |
| compare-obj | |
| composite-reducer | |
| config-cordova | |
| cordova-plugin-voxeet2 | |
| cordova-voxeet | |
| count-it-down | |
| cpu-instructions | |
| create-director-app | |
| create-glee-app | |
| create-hardhat3-app | |
| create-hest-app | |
| create-mcp-use-app | |
| crypto-addr-codec | |
| css-dedoupe | |
| dashboard-empty-state | |
| db-evo | |
| debug | |
| designstudiouiux | |
| devextreme-angular-rpk | |
| devextreme-rpk | |
| devstart-cli | |
| dialogflow-es | |
| discord-bot-server | |
| docusaurus-plugin-vanilla-extract | |
| dont-go | |
| dotnet-template | |
| drop-events-on-property-plugin | |
| duckdb | |
| email-deliverability-tester | |
| ember-browser-services | |
| ember-headless-form | |
| ember-headless-form-yup | |
| ember-headless-table | |
| ember-url-hash-polyfill | |
| ember-velcro | |
| encounter-playground | |
| enforce-branch-name | |
| error-ex | |
| esbuild-plugin-brotli | |
| esbuild-plugin-eta | |
| esbuild-plugin-httpfile | |
| eslint-config-crowdstrike | |
| eslint-config-crowdstrike-node | |
| eslint-config-nitpicky | |
| eslint-config-teselagen | |
| eslint-config-trigo | |
| eslint-config-zeallat-base | |
| ethereum-ens | |
| evm-checkcode-cli | |
| exact-ticker | |
| expo-audio-session | |
| expressos | |
| fat-fingered | |
| feature-flip | |
| firestore-search-engine | |
| fittxt | |
| flapstacks | |
| flatten-unflatten | |
| formik-error-focus | |
| formik-store | |
| fuzzy-finder | |
| gate-evm-check-code2 | |
| gate-evm-tools-test | |
| gatsby-plugin-cname | |
| generator-meteor-stock | |
| generator-ng-itobuz | |
| get-them-args | |
| github-action-for-generator | |
| gitsafe | |
| globalize-rpk | |
| go-template | |
| graphql-sequelize-teselagen | |
| gulp-inject-envs | |
| has-ansi | |
| haufe-axera-api-client | |
| hope-mapboxdraw | |
| hopedraw | |
| hover-design-prototype | |
| html-to-base64-image | |
| httpness | |
| hyper-fullfacing | |
| hyperterm-hipster | |
| ids-css | |
| ids-enterprise-mcp-server | |
| ids-enterprise-ng | |
| ids-enterprise-typings | |
| image-to-uri | |
| insomnia-plugin-random-pick | |
| invo | |
| iron-shield-miniapp | |
| is-arrayish | |
| ito-button | |
| itobuz-angular | |
| itobuz-angular-auth | |
| itobuz-angular-button | |
| jacob-zuma | |
| jaetut-varit-test | |
| jan-browser | |
| jquery-bindings | |
| json-rules-engine-simplified | |
| jsonsurge | |
| jumpgate | |
| just-toasty | |
| kill-port | |
| koa2-swagger-ui | |
| korea-administrative-area-geo-json-util | |
| kwami | |
| lang-codes | |
| license-o-matic | |
| lint-staged-imagemin | |
| lite-serper-mcp-server | |
| luno-api | |
| manual-billing-system-miniapp-api | |
| mcfly-semantic-release | |
| mcp-knowledge-base | |
| mcp-knowledge-graph | |
| mcp-use | |
| medusa-plugin-announcement | |
| medusa-plugin-logs | |
| medusa-plugin-momo | |
| medusa-plugin-product-reviews-kvy | |
| medusa-plugin-zalopay | |
| mobioffice-cli | |
| mod10-check-digit | |
| mon-package-react-typescript | |
| monorepo-next | |
| mstate-angular | |
| mstate-cli | |
| mstate-dev-react | |
| mstate-react | |
| my-saeed-lib | |
| n8n-nodes-tmdb | |
| n8n-nodes-vercel-ai-sdk | |
| n8n-nodes-viral-app | |
| nanoreset | |
| next-circular-dependency | |
| next-simple-google-analytics | |
| next-styled-nprogress | |
| ng-imports-checker | |
| ng2-file-upload | |
| ngx-bootstrap | |
| ngx-color | |
| ngx-toastr | |
| ngx-trend | |
| ngx-useful-swiper-prosenjit | |
| ngx-wooapi | |
| ngx-ws | |
| normal-store | |
| obj-to-css | |
| okta-react-router-6 | |
| open2internet | |
| oradm-to-gql | |
| oradm-to-sqlz | |
| orbit-boxicons | |
| orbit-nebula-draw-tools | |
| orbit-nebula-editor | |
| orbit-soap | |
| orchestrix | |
| ove-auto-annotate | |
| package-tester | |
| parcel-plugin-asset-copier | |
| pdf-annotation | |
| piclite | |
| pico-uid | |
| pkg-readme | |
| pm2-gelf-json | |
| poper-react-sdk | |
| posthog-docusaurus | |
| posthog-js | |
| posthog-node | |
| posthog-plugin-hello-world | |
| posthog-react-native | |
| posthog-react-native-session-replay | |
| prebid | |
| prime-one-table | |
| printjs-rpk | |
| prompt-eng | |
| prompt-eng-server | |
| proto-tinker-wc | |
| puny-req | |
| ra-auth-firebase | |
| ra-data-firebase | |
| react-complaint-image | |
| react-component-taggers | |
| react-data-to-export | |
| react-element-prompt-inspector | |
| react-favic | |
| react-hook-form-persist | |
| react-jam-icons | |
| react-jsonschema-form-conditionals | |
| react-jsonschema-form-extras | |
| react-jsonschema-rxnt-extras | |
| react-keycloak-context | |
| react-library-setup | |
| react-linear-loader | |
| react-micromodal.js | |
| react-native-datepicker-modal | |
| react-native-email | |
| react-native-fetch | |
| react-native-get-pixel-dimensions | |
| react-native-google-maps-directions | |
| react-native-jam-icons | |
| react-native-log-level | |
| react-native-modest-checkbox | |
| react-native-modest-storage | |
| react-native-phone-call | |
| react-native-retriable-fetch | |
| react-native-use-modal | |
| react-native-view-finder | |
| react-native-websocket | |
| react-native-worklet-functions | |
| react-qr-image | |
| rediff | |
| rediff-viewer | |
| redux-forge | |
| redux-router-kit | |
| remark-preset-lint-crowdstrike | |
| rollup-plugin-httpfile | |
| rxnt-authentication | |
| rxnt-healthchecks-nestjs | |
| rxnt-kue | |
| sa-company-registration-number-regex | |
| sa-id-gen | |
| samesame | |
| scgs-capacitor-subscribe | |
| scgsffcreator | |
| selenium-session-client | |
| set-nested-prop | |
| shelf-jwt-sessions | |
| shell-exec | |
| shinhan-limit-scrap | |
| simple-swizzle | |
| skills-use | |
| slice-ansi | |
| slint-config-teselagen | |
| solomon-api-stories | |
| solomon-v3-stories | |
| solomon-v3-ui-wrapper | |
| sort-by-distance | |
| south-african-id-info | |
| stat-fns | |
| stoor | |
| strip-ansi | |
| super-commit | |
| supports-color | |
| supports-hyperlinks | |
| svelte-autocomplete-select | |
| svelte-toasty | |
| swc-plugin-component-annotate | |
| tanstack-shadcn-table | |
| tbssnch | |
| tcsp | |
| tcsp-draw-test | |
| tcsp-test-vd | |
| template-lib | |
| template-micro-service | |
| tenacious-fetch | |
| teselagen-interval-tree | |
| test-foundry-app | |
| test-hardhat-app | |
| test23112222-api | |
| tg-client-query-builder | |
| tg-redbird | |
| tg-seq-gen | |
| thangved-react-grid | |
| tiaan | |
| token.js-fork | |
| trigo-react-app | |
| ts-gaussian | |
| ts-imports | |
| tvi-cli | |
| typefence | |
| typeorm-orbit | |
| undefsafe-typed | |
| uplandui | |
| upload-to-play-store | |
| url-encode-decode | |
| use-unsaved-changes | |
| valid-south-african-id | |
| ve-bamreader | |
| ve-editor | |
| verror-extra | |
| vf-oss-template | |
| vite-plugin-httpfile | |
| voip-callkit | |
| vue-browserupdate-nuxt | |
| wdio-web-reporter | |
| web-scraper-mcp | |
| web-types-htmx | |
| web-types-lit | |
| webpack-loader-httpfile | |
| wellness-expert-ng-gallery | |
| wenk | |
| wrap-ansi | |
| yargs-help-output | |
| yoo-styles | |
| zapier-async-storage | |
| zapier-platform-cli | |
| zapier-platform-core | |
| zapier-platform-legacy-scripting-runner | |
| zapier-platform-schema | |
| zapier-scripts | |
| zuper-cli | |
| zuper-sdk | |
| zuper-stream |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Deep scan a batch of Node projects for known bad NPM packages, as listed in bad-deps.txt. | |
| # Fully checking each project, we look for bad packages nested anywhere in the dependency tree, | |
| # including node_modules and package-lock.json. | |
| # | |
| # Author: Dan Cassey, Alex Greenland, Epi - epihq.com | |
| # License: Public Domain (CC0) | |
| # Updated: 24 Nov 2025 | |
| # | |
| # Context: Digital Forensics & Incident Response (DFIR) for Shai-Hulud cyberattack, Sep-Nov 2025 | |
| # | |
| # This script is intended as a first-pass check for developers and DFIR teams. | |
| # It tells you if you depend on any version of the listed dependencies. | |
| # | |
| # The bad-deps.txt file is intended to be thorough on a best-effort basis but it is not an exhaustive list. | |
| # The list represents the current state of threat intelligence in the industry. | |
| # | |
| # Only specific versions of these dependencies are malicious, | |
| # but the cyberattack indicates the known compromise of these libraries or their authors in September and November 2025. | |
| # | |
| # We intentionally search for the packages without versions | |
| # so you can see if you have any level of dependency on one of these libraries. | |
| # | |
| # If a match is found, it does not necessarily indicate compromise. | |
| # A match reveals potential compromise and requires further investigation, by comparing version numbers. | |
| # | |
| # If no matches are found, it indicates no versions of these libraries are depended upon, | |
| # so you know with greater certainty that there is no current compromise from these dependencies in your projects. | |
| # | |
| # We check at a broader level for further assurance and safety. | |
| # Going forward, in the case where you have a dependency on an old version of one of these libraries, | |
| # you can decide whether to pin or remove the dependency. | |
| # | |
| PROJECTS=( | |
| # enter paths to roots of Node projects here, line separated | |
| ) | |
| CWD=$(pwd) | |
| BAD_DEPS=$(cat ./bad-deps.txt) | |
| for project in ${PROJECTS[@]}; do | |
| cd $project | |
| echo "Checking $project..." | |
| FULL_LIST=$(npm list --all --silent) | |
| for dep in ${BAD_DEPS[@]}; do | |
| if [ $(echo $FULL_LIST | grep "$dep" | wc -l) != 0 ]; then | |
| npm list $dep | |
| fi | |
| done | |
| cd $CWD | |
| done |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Updated with lists from corridor.dev and Cobenian/shai-hulud-detect