kekru

Scan minified node.js JavaScript apps like Angular with your docker container scanner

In the (docker) container world, we should use cve scanners like Trivy (free) or JFrog Xray to scan for known vulnerabilities.
In most cases, this just works.
But it typically does not work for statically compiled and minified JavaScript apps like Angular or React apps.

This is how to make your minified frontend app scannable with common scanners.

In my tests during september 2025, this worked for:

kekru

Find malicious packages in local node_modules folder and npm registries

In the last few weeks, a few supply chain attacks on widely used npm packages occured.
We often ask ourself, do we have affected versions locally?

Maybe we can trust our anti virus, but maybe not. To be sure, I have written this small script to scan locally for node_modules, and compare against a list of known malicious packages.

WARN: The list of malicious packages is hardcoded in this script!
We will not update this regularly!

kekru

Diff .tar.gz files in vscode (and other git clients)

Tested on Windows, but should also work on Linux and Max

1. Store the targzDiff.sh from below somewhere on your computer
2. Add to your ~/.gitconfig with path to local stored targzDiff.sh

[diff "targz"]
 textconv = sh -c 'cat $0 | ~/some/where/targzDiff.sh'

kekru

Confluence Server find broken attachments

Tested on Confluence Server 7.19.7 with MySQL DB

Based on How to determine the file paths for a page's attachments.
This is how to find out which attachments can not be downloaded, because the file is not found on the file system.

Create /tmp/query.sql

kekru

pgAdmin 6.15 does not work with nginx reverse proxy

Example to reproduce the issue at pgadmin-org/pgadmin4#5507

Download this git and run docker-compose up --build -d
When opening http://localhost:8080/pgadmin4/browser/ you can see, that not all requests from the javascript are going to /pgadmin

kekru

Gradle: Read repository secret from gpg encrypted .netrc file

This is how to read credentials from a .netrc formatted file, which is encrypted using gpg and use these credentials as login data for gradle remote repositories.

First you need to have gpg keys created.

Then create a ~/.netrc as shown below and encrypt it with gpg -r <your email> -e ~/.netrc, which will create a .netrc.gpg. Remove the unencypted .netrc afterwards.
Now create a ~/.gradle/init.gradle as shown below.

kekru

Sonarqube aggregate Generic Test Data Execution

This is how to combine multiple SonarQube test data reports in the Generic Execution format, using node js.

This can be useful, if you run multiple jest tests, exporting with jest-sonar-reporter and want to combine the results to pass it to SonarQube

We will use glob to find files and xml2js to combine them.

kekru

nginx: serve a file from Artifactory without authentication

With the following nginx config you can expose a single file from Artifactory without need to authenticate.
Be sure that you only expose the files that are allowed to be public

I dont't recommend to run this nginx in the public internet. Run it only inside your company's firewall!
No warranty, that is totally safe.

nginx config

kekru

Gradle: Union wrapper task to execute subtasks in order

This is how to create a union tasks to execute subtasks in order

task A { doLast { println 'A' }}
task B { doLast { println 'B' }}
task C { doLast { println 'C' }}
task D { doLast { println 'D' }}

kekru

Run a command in every directory of a VSCode workspace

Deno must be installed.
On Windows GitBash is required.

Setup an alias and then run a command in every project of a VSCode workspace

# Store alias in $HOME/.bashrc
alias vsforeach="deno run --allow-run --allow-read https://gist.githubusercontent.com/kekru/256d73c7819efc35e55cd88c5903ab46/raw/25072c432cbadee38ca2d725fbe7f03f5f6eafcc/vsforeach.js"