#!/usr/bin/env node
import packagelock from "./package-lock.json" with {type: "json"}
import axios from 'axios'
import jquery from 'jquery'
import { JSDOM } from 'jsdom'
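// Advisory page whose package table lists the compromised package/version pairs.
const ADVISORY_URL = 'https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again';

axios.get(ADVISORY_URL)
.then(response => {
  // Read the advisory table into "name,version1,version2" strings, which is the
  // input shape checkInfected() parses (first cell = package name, second = versions).
  const dom = new JSDOM(response.data);
  const $ = jquery(dom.window);
  const packs = [];
  $("table > tbody > tr").each((_, row) => {
    const cells = $(row).find("td");
    const name = cells.eq(0).text().trim();
    // Strip all whitespace from the version cell so "1.0.0, 1.0.1" splits cleanly on commas.
    const versions = cells.eq(1).text().replace(/\s/g, "");
    // Rows without both cells (headers, spacer rows) carry nothing to check.
    if (name && versions) packs.push(`${name},${versions}`);
  });
  if (packs.length === 0) {
    // A layout change on the advisory page would otherwise turn into a silent
    // "No affected packages found" — make the empty scrape visible instead.
    console.warn("WARNING: no package rows found on the advisory page; nothing was checked");
  }
  checkInfected(packs);
})
.catch(error => {
  // Also reached for errors thrown while parsing the page or inside checkInfected().
  console.error("Error fetching page:", error.message);
  // A checker that could not run must not exit 0, or a CI step would read it as a clean result.
  process.exitCode = 1;
});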
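/**
 * Report which packages from the advisory list are installed according to package-lock.json.
 *
 * Matching is done on the package *name* (the last `node_modules/` segment of the
 * lockfile path), not on the install path, so a compromised version nested under
 * another dependency is found as well as a top-level one.
 *
 * @param {string[]} packs - entries of the form "name,version[,version...]" as
 *   scraped from the advisory table; blank names or versions are ignored.
 * @param {object} [lock] - parsed package-lock.json; defaults to the file imported
 *   at the top of this script. Both the lockfileVersion 2/3 `packages` map and the
 *   lockfileVersion 1 nested `dependencies` tree are understood.
 * @returns {string[]} sorted "path@version" strings for every affected install
 *   found, e.g. "node_modules/a/node_modules/b@1.2.3"; empty when none.
 */
function checkInfected(packs, lock = packagelock) {
  // Set of "name@version" keys from the advisory; a Set keeps the lockfile scan O(n).
  const affected = new Set();
  for (const entry of packs) {
    const [name, ...versions] = entry.split(",").map((part) => part.trim());
    if (!name) continue;
    console.log(`testing: ${name},${versions}`);
    for (const version of versions) {
      if (version) affected.add(`${name}@${version}`);
    }
  }

  const installed = [...installedPackages(lock)];
  if (installed.length === 0) {
    // An unrecognised or empty lockfile must not be reported as a clean result.
    console.warn("WARNING: no package entries found in package-lock.json; nothing was checked");
  }
  const found = installed
    .filter(({ name, version }) => affected.has(`${name}@${version}`))
    .map(({ path, version }) => `${path}@${version}`)
    .sort();

  if (found.length) {
    console.log(`\x1b[31mWARNING\x1b[0m found:`);
    found.forEach((pkg) => console.log(`* ${pkg}\n`));
  } else {
    console.log(`No affected packages found ✅\n`);
  }
  return found;
}

/**
 * Enumerate every installed package recorded in a parsed package-lock.json.
 * Yields { path, name, version } objects. Prefers the lockfileVersion 2/3
 * `packages` map (keys are install paths; "" is the project root and is skipped)
 * and only falls back to the lockfileVersion 1 `dependencies` tree when that map
 * is absent, so v2 files (which carry both) are not reported twice.
 *
 * @param {object} lock - parsed lockfile
 */
function* installedPackages(lock) {
  const packages = lock?.packages;
  if (packages && typeof packages === "object") {
    const marker = "node_modules/";
    for (const [path, info] of Object.entries(packages)) {
      if (path === "" || !info?.version) continue;
      const idx = path.lastIndexOf(marker);
      // Entries outside node_modules (e.g. workspace directories) fall back to the last path segment.
      const basename = idx === -1
        ? path.slice(path.lastIndexOf("/") + 1)
        : path.slice(idx + marker.length);
      // Aliased installs record the real package name in info.name; use it when present.
      yield { path, name: info.name ?? basename, version: info.version };
    }
    return;
  }
  const tree = lock?.dependencies;
  if (tree && typeof tree === "object") {
    yield* walkV1Tree(tree, "");
  }
}

/**
 * Recursively walk a lockfileVersion 1 `dependencies` tree, reconstructing the
 * install path ("node_modules/a/node_modules/b") of each entry.
 *
 * @param {object} dependencies - name -> { version, dependencies? } map
 * @param {string} parentPath - prefix for this level, "" at the root or "<path>/" below it
 */
function* walkV1Tree(dependencies, parentPath) {
  for (const [name, info] of Object.entries(dependencies)) {
    if (!info || typeof info !== "object") continue;
    const path = `${parentPath}node_modules/${name}`;
    if (info.version) yield { path, name, version: info.version };
    if (info.dependencies) yield* walkV1Tree(info.dependencies, `${path}/`);
  }
}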