Specific script to check exploits described in https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised
Checks if specific compromised versions exist across your repo
audit.shGH_ORG with your github org namebash audit.sh| #!/bin/bash | |
| GH_ORG="solana-foundation" | |
| OUTPUT="audit1.jsonl" # or .txt, as you prefer | |
| > "$OUTPUT" # empty the file at start | |
| packages="backslash:0.2.1 chalk-template:1.1.1 supports-hyperlinks:4.1.1 has-ansi:6.0.1 simple-swizzle:0.2.3 color-string:2.1.1 error-ex:1.3.3 color-name:2.0.1 is-arrayish:0.3.3 slice-ansi:7.1.1 color-convert:3.1.1 wrap-ansi:9.0.1 ansi-regex:6.2.1 supports-color:10.2.1 strip-ansi:7.1.1 chalk:5.6.1 debug:4.4.2 ansi-styles:6.2.2" | |
| for item in $packages | |
| do | |
| pkg=${item%%:*} | |
| min=${item#*:} | |
| echo "Searching for: $pkg@ >= $min" | |
| result=$(gh search code "$pkg@" --owner $GH_ORG --json repository,path,textMatches,url | \ | |
| jq -c --arg pkg "$pkg" --arg min "$min" ' | |
| def ver_to_arr(v): (v | split(".")) as $p | ($p | .[0:3]) | while(length < 3; . + [0]) | map(tonumber); | |
| .[] | select( | |
| any(.textMatches[]; | |
| [ .fragment | match( $pkg + "@([0-9]+(?:\\.[0-9]+)*)"; "g" ) ] as $matches | | |
| any($matches[]; ver_to_arr(.captures[0].string) >= ver_to_arr($min)) | |
| ) | |
| ) | |
| ') | |
| if [ -z "$result" ]; then | |
| echo "{\"package\":\"$pkg\",\"min\":\"$min\",\"found\":false}" >> "$OUTPUT" | |
| else | |
| echo "$result" >> "$OUTPUT" | |
| fi | |
| sleep 3 | |
| done |