@qsniyg
Forked from phxgg/check-npm-cache.sh
Last active September 9, 2025 02:30
This script checks your pnpm cache to find whether any of the affected packages were pulled onto your machine. Run `chmod +x check-pnpm-cache.sh` before use. Requires jq; install it with your package manager or `brew install jq` (macOS). Only tested on Linux.
```bash
#!/usr/bin/env bash
set -euo pipefail

# Update 1: Add [email protected] - from: https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised
# Affected package versions to look for in the pnpm cache.
packages_json='[
  {"name":"backslash","version":"0.2.1"},
  {"name":"chalk-template","version":"1.1.1"},
  {"name":"supports-hyperlinks","version":"4.1.1"},
  {"name":"has-ansi","version":"6.0.1"},
  {"name":"simple-swizzle","version":"0.2.3"},
  {"name":"color-string","version":"2.1.1"},
  {"name":"error-ex","version":"1.3.3"},
  {"name":"color-name","version":"2.0.1"},
  {"name":"is-arrayish","version":"0.3.3"},
  {"name":"slice-ansi","version":"7.1.1"},
  {"name":"color-convert","version":"3.1.1"},
  {"name":"wrap-ansi","version":"9.0.1"},
  {"name":"ansi-regex","version":"6.2.1"},
  {"name":"supports-color","version":"10.2.1"},
  {"name":"strip-ansi","version":"7.1.1"},
  {"name":"chalk","version":"5.6.1"},
  {"name":"debug","version":"4.4.2"},
  {"name":"ansi-styles","version":"6.2.2"},
  {"name":"proto-tinker-wc","version":"0.1.87"}
]'

# jq parses both the list above and the JSON printed by 'pnpm cache view'.
if ! command -v jq >/dev/null 2>&1; then
  echo "Error: 'jq' is required (to parse the JSON array-of-objects)."
  exit 1
fi

echo "Running 'pnpm cache view' for given packages..."
echo
echo "Packages found in pnpm cache:"

# Matches are recorded in a temp file because the loops below run in
# pipeline subshells, so variables set inside them would be lost.
tmpfile=$(mktemp)
trap 'rm -f "$tmpfile"' EXIT

echo "$packages_json" | jq -r '.[] | "\(.name)\t\(.version)"' | while read -r name version; do
  cached="$(pnpm cache view "$name")"
  # An empty object means nothing is cached for this package name.
  if [ "$cached" == "{}" ]; then
    continue
  fi
  # Only versions cached from registry.npmjs.org are compared. The trailing '?'
  # keeps jq from failing (and 'set -e' from aborting the scan) when the
  # package is cached from a different registry only.
  echo "$cached" | jq -r '.["registry.npmjs.org"].cachedVersions[]?' | while read -r cversion; do
    if [ "$cversion" == "$version" ]; then
      echo "• $name@$version"
      echo 1 >> "$tmpfile"
    fi
  done
done

if ! grep -q 1 "$tmpfile"; then
  echo "(none)"
fi
```
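The script compares only the versions listed under the `registry.npmjs.org` key of the `pnpm cache view` output, so a copy pulled through a mirror or private proxy is not reported. The following Python is an added example, not part of the original gist: it applies the same match to every registry key and goes beyond the script in that respect. It assumes the output shape the script relies on (registry host mapped to a `cachedVersions` array); the function names, the sample outputs and the host `registry.example.internal` are constructed for illustration.

```python
import json

# Subset of the affected list from the script (package name -> version).
AFFECTED = {
    "chalk": "5.6.1",
    "debug": "4.4.2",
    "ansi-styles": "6.2.2",
    "strip-ansi": "7.1.1",
}


def registries_with_version(cache_view_json, version):
    """Return the sorted registry hosts whose cachedVersions contain `version`.

    `cache_view_json` is the text printed by `pnpm cache view <name>`, assumed
    to be a JSON object keyed by registry host. Malformed JSON raises
    ValueError rather than being treated as "not cached".
    """
    data = json.loads(cache_view_json)
    hits = []
    for host, entry in data.items():
        versions = entry.get("cachedVersions") if isinstance(entry, dict) else None
        if isinstance(versions, list) and version in versions:
            hits.append(host)
    return sorted(hits)


def scan(outputs, affected=AFFECTED):
    """Map 'name@version' -> registry hosts for each affected version found."""
    findings = {}
    for name, version in affected.items():
        hosts = registries_with_version(outputs.get(name, "{}"), version)
        if hosts:
            findings[f"{name}@{version}"] = hosts
    return findings


# Constructed sample outputs; registry.example.internal is a made-up mirror.
SAMPLE_OUTPUTS = {
    "chalk": '{"registry.npmjs.org": {"cachedVersions": ["5.3.0", "5.6.1"]}}',
    "debug": '{"registry.example.internal": {"cachedVersions": ["4.4.2"]}}',
    "ansi-styles": '{"registry.npmjs.org": {"cachedVersions": ["6.2.1"]}}',
    "strip-ansi": "{}",
}

if __name__ == "__main__":
    for pkg, hosts in scan(SAMPLE_OUTPUTS).items():
        print(f"• {pkg} (cached from: {', '.join(hosts)})")
```

To use it on real data, capture the output of `pnpm cache view <name>` for each package into the `outputs` mapping passed to `scan`.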