@Temzasse
Created September 9, 2025 07:33
Verify compromised npm packages
#!/bin/bash

# Check if directory argument is provided
if [ $# -eq 0 ]; then
  echo "Usage: $0 <directory>"
  echo "Example: $0 ./client"
  exit 1
fi

TARGET_DIR="$1"

# Check if the directory exists
if [ ! -d "$TARGET_DIR" ]; then
  echo "Error: Directory '$TARGET_DIR' does not exist."
  exit 1
fi

# Check if package.json exists in the target directory
if [ ! -f "$TARGET_DIR/package.json" ]; then
  echo "Error: No package.json found in '$TARGET_DIR'."
  exit 1
fi

echo "Running package verification in directory: $TARGET_DIR"

# Define the compromised packages and versions to look for,
# one name:version pair per line
packages="
backslash:0.2.1
chalk-template:1.1.1
supports-hyperlinks:4.1.1
has-ansi:6.0.1
simple-swizzle:0.2.3
color-string:2.1.1
error-ex:1.3.3
color-name:2.0.1
is-arrayish:0.3.3
slice-ansi:7.1.1
color-convert:3.1.1
wrap-ansi:9.0.1
ansi-regex:6.2.1
supports-color:10.2.1
strip-ansi:7.1.1
chalk:5.6.1
debug:4.4.2
ansi-styles:6.2.2
"

echo "Verifying package versions..."
echo "=============================="

# Loop through the packages and check whether a listed version is installed
echo "$packages" | while IFS=: read -r package expected_version; do
  # Skip empty lines
  if [ -z "$package" ]; then
    continue
  fi

  echo -n "Checking $package@$expected_version: "

  # Run npm list in the target directory and grep for the exact name@version.
  # -F matches the string literally (dots are not regex wildcards) and -w
  # rejects longer versions such as 4.4.20 when looking for 4.4.2.
  result=$(cd "$TARGET_DIR" && npm list "$package" 2>/dev/null | grep -Fw -- "$package@$expected_version")

  if [ -n "$result" ]; then
    echo "💀 FOUND: $result"
  else
    echo "✅ Not found"
  fi
done

echo "=============================="
echo "Verification complete."