Skip to content

Instantly share code, notes, and snippets.

@puppybits

puppybits/npm-malicious-packages.sh

Last active August 3, 2017 20:25
Show Gist options
  • Save puppybits/37bc7044dd8aa314299927d204ca9246 to your computer and use it in GitHub Desktop.
Save puppybits/37bc7044dd8aa314299927d204ca9246 to your computer and use it in GitHub Desktop.
Download ZIP
NPM packages know to steal env secrets - https://iamakulov.com/notes/npm-malicious-packages/
Raw
npm-malicious-packages.sh
npm ls | grep -E "babelcli|crossenv|cross-env.js|d3.js|fabric-js|ffmepg|gruntcli|http-proxy.js|jquery.js|\
mariadb|mongose|mssql.js|mssql-node|mysqljs|nodecaffe|nodefabric|node-fabric|nodeffmpeg|nodemailer-js|\
nodemailer.js|nodemssql|node-opencv|node-opensl|node-openssl|noderequest|nodesass|nodesqlite|node-sqlite|\
node-tkinter|opencv.js|openssl.js|proxy.js|shadowsock|smb|sqlite.js|sqliter|sqlserver|tkinter"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment