Script to check if repository is affected by vulnerable package versions from sha1hulud
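#!/usr/bin/env bash
# Script to check if repository is affected by vulnerable package versions
# Usage: ./check-for-sha1hulud.sh [directory]   (defaults to the current directory)
# See https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24
# Disclaimer: AI-generated. Reviewed, but still a grep-based heuristic:
#   - only the exact versions listed in this file are recognised, so the list
#     has to be refreshed from the advisory as it evolves;
#   - a clean result means "none of the listed versions were seen in the
#     files scanned", not that the repository or machine is uncompromised.
# Exit status: 0 when nothing matched, 1 when at least one match was found,
#              2 on usage error.
set -euo pipefail
# Directory to scan: optional first argument, "." by default.
SCAN_ROOT="${1:-.}"
[[ -d "$SCAN_ROOT" ]] || { printf 'Not a directory: %s\n' "$SCAN_ROOT" >&2; exit 2; }
readonly SCAN_ROOT
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Counters (plain integers; incremented with $(( )) so a zero value cannot
# trip `set -e` the way `((x++))` does)
VULNERABLE_COUNT=0   # name@version pairs seen in at least one scanned file
TOTAL_CHECKED=0      # name@version pairs examined
echo "🔍 Checking for vulnerable package versions..."
echo "================================================"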
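#######################################
# Look for one exact name@version pair in the manifests and lockfiles below
# $SCAN_ROOT (default "."), and separately in installed copies under
# node_modules.
#
# Arguments: $1 - package name (e.g. "@posthog/core"), $2 - exact version
# Globals:   reads SCAN_ROOT, RED, NC; increments TOTAL_CHECKED always and
#            VULNERABLE_COUNT when the pair is found anywhere
# Outputs:   one VULNERABLE line per found pair on stdout
#
# This is line-oriented grep, not a parser, so:
#   - package.json only matches an exact pin ("name": "1.2.3"); ranges such as
#     "^1.2.3" are left to the lockfile passes, which hold resolved versions;
#   - lockfile entries are matched as "entry header line followed within a few
#     lines by its version line", which is how npm/yarn/pnpm lay them out;
#   - names and versions are regex-escaped, so "." and "+" match literally.
# Every match is tested with `grep -q` directly; the original piped find's
# output into `head`, whose exit status is always 0, which made every check
# report a match.
#######################################
check_package() {
  local package_name="$1"
  local vulnerable_version="$2"
  local root="${SCAN_ROOT:-.}"
  local found=false
  local installed=false
  local name_re version_re f

  # Escape ERE metacharacters (e.g. "token.js-fork", "1.4.2511142126").
  name_re=$(printf '%s' "$package_name" | sed 's/[][\.*^$+?(){}|]/\\&/g')
  version_re=$(printf '%s' "$vulnerable_version" | sed 's/[][\.*^$+?(){}|]/\\&/g')

  # package.json: "name": "<exact version>"
  while IFS= read -r -d '' f; do
    if grep -Eq -- "\"$name_re\": *\"$version_re\"" "$f" 2>/dev/null; then
      found=true
    fi
  done < <(_find_manifests "$root" package.json)

  # package-lock.json: the entry header ("name": { in lockfile v1,
  # "node_modules/.../name": { in v2/v3) is followed by its "version" line.
  while IFS= read -r -d '' f; do
    if grep -E -A 3 -- "[\"/]$name_re\": \{" "$f" 2>/dev/null \
         | grep -Eq -- "\"version\": *\"$version_re\""; then
      found=true
    fi
  done < <(_find_manifests "$root" package-lock.json)

  # yarn.lock: headers are  name@range:  (yarn v1; quoted when scoped, which
  # the original "^name@" pattern missed for every @scope/ package) or
  # "name@npm:range": (yarn berry), followed by  version "1.2.3"  or
  # version: 1.2.3
  while IFS= read -r -d '' f; do
    if grep -E -A 2 -- "^\"?$name_re@" "$f" 2>/dev/null \
         | grep -Eq -- "^[[:space:]]+version:?[[:space:]]+\"?$version_re\"?[[:space:]]*$"; then
      found=true
    fi
  done < <(_find_manifests "$root" yarn.lock)

  # pnpm-lock.yaml (best effort): package keys look like  /name/1.2.3:  (v5),
  # /name@1.2.3:  (v6) or  name@1.2.3:  /  '@scope/name@1.2.3':  (v9), with an
  # optional "(peer...)" suffix. Verify against your pnpm version before
  # relying on this pass.
  while IFS= read -r -d '' f; do
    if grep -Eq -- "^[[:space:]]+'?/?$name_re[@/]$version_re['(:]" "$f" 2>/dev/null; then
      found=true
    fi
  done < <(_find_manifests "$root" pnpm-lock.yaml)

  # Installed copies: a listed version actually present under node_modules
  # matters more than one merely referenced in a manifest, because npm runs a
  # package's lifecycle scripts at install time.
  while IFS= read -r -d '' f; do
    if grep -Eq -- "\"version\": *\"$version_re\"" "$f" 2>/dev/null; then
      found=true
      installed=true
    fi
  done < <(find "$root" -path "*/node_modules/$package_name/package.json" -type f -print0 2>/dev/null || true)

  if [[ "$found" == true ]]; then
    echo -e "${RED}⚠️ VULNERABLE: $package_name@$vulnerable_version${NC}"
    if [[ "$installed" == true ]]; then
      echo -e "${RED}   -> installed copy found under node_modules (its install scripts may already have run here)${NC}"
    fi
    VULNERABLE_COUNT=$((VULNERABLE_COUNT + 1))
  fi
  TOTAL_CHECKED=$((TOTAL_CHECKED + 1))
}

#######################################
# Print, NUL-separated, every regular file named $2 under $1, skipping
# anything inside node_modules. find's exit status is deliberately ignored so
# an unreadable directory does not abort the whole scan under `set -e`.
#######################################
_find_manifests() {
  find "$1" -name "$2" -not -path "*/node_modules/*" -type f -print0 2>/dev/null || true
}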
# Known-bad "package_name version" pairs, one pair per entry separated by a
# single space (the loop below splits them with read). Each version is an
# exact release, not a range, and matching is string-based, so only these
# precise versions are detected. The list is a snapshot of the advisory linked
# in the header as of this script's date; refresh it from that source before
# trusting a clean result.
declare -a vulnerable_packages=(
"@zapier/zapier-sdk 0.15.5"
"@zapier/zapier-sdk 0.15.7"
"@posthog/core 1.5.6"
"posthog-node 5.11.3"
"posthog-node 5.13.3"
"posthog-node 4.18.1"
"@asyncapi/specs 6.10.1"
"@asyncapi/specs 6.8.2"
"@asyncapi/specs 6.9.1"
"@asyncapi/specs 6.8.3"
"@postman/tunnel-agent 0.6.6"
"@postman/tunnel-agent 0.6.5"
"posthog-react-native 4.12.5"
"posthog-react-native 4.11.1"
"@asyncapi/parser 3.4.1"
"@asyncapi/parser 3.4.2"
"@asyncapi/openapi-schema-parser 3.0.25"
"@asyncapi/avro-schema-parser 3.0.25"
"@asyncapi/avro-schema-parser 3.0.26"
"@asyncapi/protobuf-schema-parser 3.6.1"
"@asyncapi/protobuf-schema-parser 3.5.3"
"@asyncapi/react-component 2.6.6"
"@asyncapi/generator 2.8.5"
"@posthog/ai 7.1.2"
"@asyncapi/modelina 5.10.2"
"@asyncapi/modelina 5.10.3"
"@asyncapi/generator-react-sdk 1.1.4"
"@asyncapi/generator-react-sdk 1.1.5"
"@postman/csv-parse 4.0.3"
"@postman/csv-parse 4.0.4"
"@postman/csv-parse 4.0.5"
"posthog-react-native-session-replay 1.2.2"
"@asyncapi/converter 1.6.3"
"@asyncapi/multi-parser 2.2.1"
"@asyncapi/multi-parser 2.2.2"
"@posthog/cli 0.5.15"
"@zapier/secret-scrubber 1.1.3"
"@zapier/secret-scrubber 1.1.4"
"@zapier/secret-scrubber 1.1.5"
"zapier-platform-schema 18.0.2"
"zapier-platform-core 18.0.2"
"zapier-platform-core 18.0.3"
"@ensdomains/address-encoder 1.1.5"
"@ensdomains/content-hash 3.0.1"
"crypto-addr-codec 0.1.9"
"@asyncapi/nunjucks-filters 2.1.1"
"@asyncapi/nunjucks-filters 2.1.2"
"@asyncapi/bundler 0.6.5"
"@asyncapi/bundler 0.6.6"
"@posthog/nextjs-config 1.5.1"
"@asyncapi/html-template 3.3.2"
"@asyncapi/html-template 3.3.3"
"@asyncapi/diff 0.5.1"
"@asyncapi/diff 0.5.2"
"@asyncapi/cli 4.1.2"
"@asyncapi/optimizer 1.0.5"
"@asyncapi/optimizer 1.0.6"
"@asyncapi/modelina-cli 5.10.2"
"@asyncapi/modelina-cli 5.10.3"
"@postman/aether-icons 2.23.2"
"@postman/aether-icons 2.23.4"
"@asyncapi/generator-components 0.3.2"
"@asyncapi/generator-helpers 0.2.1"
"@asyncapi/generator-helpers 0.2.2"
"zapier-platform-cli 18.0.3"
"@posthog/rrweb 0.0.31"
"ethereum-ens 0.8.1"
"@posthog/rrweb-utils 0.0.31"
"@posthog/rrweb-snapshot 0.0.31"
"@posthog/rrdom 0.0.31"
"@asyncapi/problem 1.0.1"
"@asyncapi/problem 1.0.2"
"@postman/secret-scanner-wasm 2.1.3"
"@postman/secret-scanner-wasm 2.1.2"
"@postman/secret-scanner-wasm 2.1.4"
"@ensdomains/eth-ens-namehash 2.0.16"
"posthog-docusaurus 2.0.6"
"@postman/pretty-ms 6.1.1"
"@postman/pretty-ms 6.1.3"
"@postman/pretty-ms 6.1.2"
"web-types-lit 0.1.1"
"mcp-use 1.4.2"
"mcp-use 1.4.3"
"@posthog/react-rrweb-player 1.1.4"
"@asyncapi/markdown-template 1.6.8"
"@asyncapi/markdown-template 1.6.9"
"@ensdomains/buffer 0.1.2"
"@postman/node-keytar 7.9.4"
"@postman/node-keytar 7.9.5"
"@postman/node-keytar 7.9.6"
"@mcp-use/inspector 0.6.2"
"@mcp-use/inspector 0.6.3"
"@mcp-use/cli 2.2.6"
"@zapier/spectral-api-ruleset 1.9.1"
"@zapier/spectral-api-ruleset 1.9.2"
"@zapier/spectral-api-ruleset 1.9.3"
"@posthog/geoip-plugin 0.0.8"
"@ensdomains/dnsprovejs 0.5.3"
"@ensdomains/solsha1 0.0.4"
"@asyncapi/web-component 2.6.6"
"@asyncapi/web-component 2.6.7"
"@posthog/nuxt 1.2.9"
"@zapier/browserslist-config-zapier 1.0.3"
"@zapier/browserslist-config-zapier 1.0.5"
"@posthog/wizard 1.18.1"
"react-native-use-modal 1.0.3"
"@asyncapi/java-spring-template 1.6.1"
"@asyncapi/java-spring-template 1.6.2"
"@posthog/rrweb-record 0.0.31"
"@posthog/siphash 1.1.2"
"@posthog/piscina 3.2.1"
"@ensdomains/ens-validation 0.1.1"
"@posthog/plugin-contrib 0.0.6"
"@posthog/agent 1.24.1"
"@postman/postman-mcp-server 2.4.11"
"@postman/postman-mcp-server 2.4.10"
"@asyncapi/nodejs-ws-template 0.10.1"
"@asyncapi/nodejs-ws-template 0.10.2"
"@actbase/react-daum-postcode 1.0.5"
"token.js-fork 0.7.32"
"@postman/pm-bin-windows-x64 1.24.5"
"@postman/pm-bin-windows-x64 1.24.4"
"@ensdomains/ens-avatar 1.0.4"
"@postman/pm-bin-linux-x64 1.24.3"
"@postman/pm-bin-linux-x64 1.24.4"
"@postman/pm-bin-linux-x64 1.24.5"
"@posthog/hedgehog-mode 0.0.42"
"create-mcp-use-app 0.5.3"
"create-mcp-use-app 0.5.4"
"@postman/pm-bin-macos-arm64 1.24.5"
"@postman/pm-bin-macos-arm64 1.24.3"
"@postman/pm-bin-macos-arm64 1.24.4"
"@posthog/nextjs 0.0.3"
"@postman/pm-bin-macos-x64 1.24.3"
"@postman/pm-bin-macos-x64 1.24.5"
"redux-router-kit 1.2.2"
"redux-router-kit 1.2.3"
"redux-router-kit 1.2.4"
"@ensdomains/dnssecoraclejs 0.2.9"
"@postman/mcp-ui-client 5.5.1"
"@postman/mcp-ui-client 5.5.2"
"@postman/postman-mcp-cli 1.0.5"
"@postman/postman-mcp-cli 1.0.4"
"@zapier/babel-preset-zapier 6.4.1"
"@zapier/babel-preset-zapier 6.4.3"
"@ensdomains/thorin 0.6.51"
"@postman/postman-collection-fork 4.3.3"
"@postman/postman-collection-fork 4.3.4"
"@postman/postman-collection-fork 4.3.5"
"@asyncapi/nodejs-template 3.0.5"
"@postman/wdio-allure-reporter 0.0.9"
"@postman/wdio-junit-reporter 0.0.4"
"@postman/wdio-junit-reporter 0.0.6"
"@postman/final-node-keytar 7.9.1"
"@postman/final-node-keytar 7.9.2"
"zapier-async-storage 1.0.1"
"zapier-async-storage 1.0.2"
"zapier-async-storage 1.0.3"
"@ensdomains/test-utils 1.3.1"
"@ensdomains/hardhat-chai-matchers-viem 0.1.15"
"@asyncapi/java-spring-cloud-stream-template 0.13.5"
"@asyncapi/java-spring-cloud-stream-template 0.13.6"
"@zapier/eslint-plugin-zapier 11.0.3"
"@zapier/eslint-plugin-zapier 11.0.4"
"@zapier/eslint-plugin-zapier 11.0.5"
"devstart-cli 1.0.6"
"@asyncapi/java-template 0.3.5"
"@asyncapi/java-template 0.3.6"
"@asyncapi/go-watermill-template 0.2.76"
"@asyncapi/go-watermill-template 0.2.77"
"@asyncapi/python-paho-template 0.2.14"
"@asyncapi/python-paho-template 0.2.15"
"@ensdomains/hardhat-toolbox-viem-extended 0.0.6"
"@ensdomains/vite-plugin-i18next-loader 4.0.4"
"zapier-platform-legacy-scripting-runner 4.0.3"
"zapier-platform-legacy-scripting-runner 4.0.4"
"@asyncapi/server-api 0.16.25"
"@ensdomains/offchain-resolver-contracts 0.2.2"
"@zapier/ai-actions 0.1.18"
"@zapier/ai-actions 0.1.19"
"@zapier/ai-actions 0.1.20"
"@zapier/mcp-integration 3.0.1"
"@zapier/mcp-integration 3.0.3"
"@ensdomains/ens-archived-contracts 0.0.3"
"@ensdomains/dnssec-oracle-anchors 0.0.2"
"@ensdomains/mock 2.1.52"
"zapier-scripts 7.8.3"
"zapier-scripts 7.8.4"
"@quick-start-soft/quick-task-refine 1.4.2511142126"
"@zapier/ai-actions-react 0.1.13"
"@zapier/ai-actions-react 0.1.14"
"@quick-start-soft/quick-git-clean-markdown 1.4.2511142126"
"@ensdomains/ui 3.4.6"
"@quick-start-soft/quick-markdown 1.4.2511142126"
"@zapier/stubtree 0.1.3"
"@ensdomains/unruggable-gateways 0.0.3"
"@posthog/rrweb-player 0.0.31"
"@asyncapi/dotnet-rabbitmq-template 1.0.1"
"@asyncapi/dotnet-rabbitmq-template 1.0.2"
"@ensdomains/react-ens-address 0.0.32"
"@asyncapi/php-template 0.1.1"
)
# Run one check per known-bad pair; every entry is "<name> <version>" and is
# split on the space by read, exactly as a here-string would be.
while read -r name version; do
  check_package "$name" "$version"
done < <(printf '%s\n' "${vulnerable_packages[@]}")
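echo "================================================"
echo -e "📊 ${YELLOW}Summary:${NC}"
echo -e " Total packages checked: $TOTAL_CHECKED"
# The exit status doubles as the machine-readable result (0 clean, 1 matches)
# so the script can gate a CI job.
if (( VULNERABLE_COUNT == 0 )); then
  echo -e " ${GREEN}✅ No vulnerable packages found!${NC}"
  echo " (Only the exact versions in this script's list were searched for; refresh the list from the advisory for newer entries.)"
  exit 0
else
  echo -e " ${RED}⚠️ Found $VULNERABLE_COUNT vulnerable package(s)${NC}"
  echo ""
  echo -e "${YELLOW}🔧 Recommended actions:${NC}"
  # Ordering matters: installing first would run the packages' lifecycle
  # scripts, and "update to latest" is unsafe when the affected release is
  # itself the latest.
  echo " 1. Do not run 'npm install', 'npm audit fix' or 'yarn audit fix' on this checkout yet: package lifecycle scripts execute at install time. If you must install, use --ignore-scripts."
  echo " 2. If an affected version was actually installed (a copy under node_modules, a CI build, a developer machine), treat credentials reachable from that environment as exposed and rotate them; follow the advisory linked in this script's header."
  echo " 3. Pin each affected package to a known-good version (not simply 'latest'), regenerate package-lock.json/yarn.lock/pnpm-lock.yaml, and re-run this script."
  echo " 4. Run 'npm audit' or 'yarn audit' afterwards; it only reports advisories that have already been published, so it complements rather than replaces this check."
  exit 1
fi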