Check for compromised npm packages with yarn
#!/bin/zsh
# Compromised packages and versions to check
# Format: package@version
COMPROMISED_PACKAGES=(
"@ahmedhfarag/[email protected]",
"@ahmedhfarag/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@art-ws/[email protected]",
"@coveops/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@crowdstrike/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@ctrl/[email protected]",
"@duckdb/[email protected]"
"@duckdb/[email protected]"
"@duckdb/[email protected]"
"@hestjs/[email protected]",
"@hestjs/[email protected]",
"@hestjs/[email protected]",
"@hestjs/[email protected]",
"@hestjs/[email protected]",
"@hestjs/[email protected]",
"@hestjs/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nativescript-community/[email protected]",
"@nexe/[email protected]",
"@nexe/[email protected]",
"@nexe/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@nstudio/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@operato/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@teselagen/[email protected]",
"@thangved/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@things-factory/[email protected]",
"@tnf-dev/[email protected]",
"@tnf-dev/[email protected]",
"@tnf-dev/[email protected]",
"@tnf-dev/[email protected]",
"@tnf-dev/[email protected]",
"@ui-ux-gang/[email protected]",
"@yoobic/[email protected]",
"@yoobic/[email protected]",
"@yoobic/[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]"
"[email protected]"
"[email protected]"
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]"
"[email protected]"
"[email protected]"
"[email protected]"
"[email protected]"
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]"
"[email protected]",
"[email protected]"
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]"
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]"
"[email protected]",
"[email protected]"
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]"
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]"
"[email protected]"
"[email protected]"
"[email protected]"
"[email protected]"
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]"
)
# Banner printed before the per-package scan starts.
printf '%s\n' "🔍 Checking for compromised packages using yarn why..."
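#######################################
# Check whether an exact version of a package appears in the dependency
# graph that `yarn why` reports for it.
# Arguments: $1 - package name (scoped names such as @scope/name included)
#            $2 - exact version string to look for
# Outputs:   on status 2 only: the installed "name@version" tokens,
#            space-separated, on stdout
# Returns:   0 exact version present; 2 package present at a different
#            version; 1 package not present (yarn why printed nothing)
# NOTE(review): this inspects what yarn resolves, not what sits on disk —
#            confirm that matches the intended scope of the check.
#######################################
check_package_version() {
  local pkg_name="$1"
  local pkg_version="$2"
  local why_output
  # Declare and assign separately so `local` does not mask yarn's status.
  why_output=$(yarn why "$pkg_name" 2>/dev/null)
  # No output at all means yarn does not know the package.
  if [ -z "$why_output" ]; then
    return 1 # Package not found
  fi
  # '.' is the only regex metacharacter an npm package name can contain;
  # escape it so "foo.bar" cannot match a line about "fooXbar".
  local name_re="${pkg_name//./\\.}"
  # Collect every "name@version" token, one per line. The optional "npm:"
  # protocol prefix (yarn berry) is dropped; '"' is excluded from the version
  # so a quoted token ("name@1.2.3", yarn classic style) does not keep the quote.
  local installed_versions
  installed_versions=$(printf '%s\n' "$why_output" \
    | grep -o -E -- "$name_re@(npm:)?[^: \"]*" \
    | sed 's/@npm:/@/' \
    | sort -u)
  # Literal comparison of each token — no regex, so a version such as
  # 1.0.0 can no longer match 1x0x0.
  local token
  while IFS= read -r token; do
    if [ "$token" = "$pkg_name@$pkg_version" ]; then
      return 0 # Found exact version match
    fi
  done <<EOF
$installed_versions
EOF
  if [ -n "$installed_versions" ]; then
    # Report what is installed instead, joined onto one line.
    printf '%s\n' "${installed_versions//$'\n'/ }"
    return 2 # Package exists but different version
  fi
  return 1 # Package not found
}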
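# Check each compromised package: report per entry, count exact hits,
# and exit non-zero if any compromised version is present.
FOUND_COMPROMISED=0
TOTAL_CHECKS=0
for pkg_spec in "${COMPROMISED_PACKAGES[@]}"; do
  # Tolerate a stray trailing comma in a list entry ("name@1.0.0,").
  pkg_spec="${pkg_spec%,}"
  [ -n "$pkg_spec" ] || continue
  # Split on the LAST '@': scoped names (@scope/name@1.0.0) start with '@'
  # too, so "#*@" would leave "scope/name@1.0.0" as the version and the
  # check could never match.
  pkg_name="${pkg_spec%@*}"
  pkg_version="${pkg_spec##*@}"
  TOTAL_CHECKS=$((TOTAL_CHECKS + 1))
  printf '%s' "Checking $pkg_name@$pkg_version... "
  # Capture stdout (the installed versions on status 2) so `yarn why`
  # runs once per package instead of being re-run for the report line.
  installed_versions=$(check_package_version "$pkg_name" "$pkg_version")
  rc=$?
  case "$rc" in
    0)
      printf '%s\n' "❌ COMPROMISED (version $pkg_version found)"
      FOUND_COMPROMISED=$((FOUND_COMPROMISED + 1))
      ;;
    2)
      printf '%s\n' "✅ OK (found: $installed_versions)"
      ;;
    *)
      printf '%s\n' "ℹ️ Not installed"
      ;;
  esac
done
# Print summary
printf '\n%s\n' "📊 Scan Complete:"
printf '%s\n' "- Total packages checked: $TOTAL_CHECKS"
printf '%s\n' "- Compromised packages found: $FOUND_COMPROMISED"
if [ "$FOUND_COMPROMISED" -gt 0 ]; then
  printf '\n%s\n' "🚨 WARNING: $FOUND_COMPROMISED compromised package(s) found. Please update these packages immediately."
  exit 1
else
  printf '\n%s\n' "✅ No compromised packages found."
  exit 0
fi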