Skip to content

Instantly share code, notes, and snippets.

@sanstream

sanstream/scan-for-packages.js

Created December 19, 2025 12:47
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save sanstream/b0ab599cffa9efc1ce03d851acd7e983 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save sanstream/b0ab599cffa9efc1ce03d851acd7e983 to your computer and use it in GitHub Desktop.
Download ZIP
Sha1-hulud 2.0 detection script
Raw
scan-for-packages.js
#!/usr/bin/env node
const fs = require("fs");
const path = require("path");
const watchList = [
"02-echo",
"@accordproject/concerto-analysis",
"@accordproject/concerto-linter",
"@accordproject/concerto-linter-default-ruleset",
"@accordproject/concerto-metamodel",
"@accordproject/concerto-types",
"@accordproject/markdown-it-cicero",
"@accordproject/template-engine",
"@actbase/css-to-react-native-transform",
"@actbase/native",
"@actbase/node-server",
"@actbase/react-absolute",
"@actbase/react-daum-postcode",
"@actbase/react-kakaosdk",
"@actbase/react-native-actionsheet",
"@actbase/react-native-devtools",
"@actbase/react-native-fast-image",
"@actbase/react-native-kakao-channel",
"@actbase/react-native-kakao-navi",
"@actbase/react-native-less-transformer",
"@actbase/react-native-naver-login",
"@actbase/react-native-simple-video",
"@actbase/react-native-tiktok",
"@afetcan/api",
"@afetcan/storage",
"@alaan/s2s-auth",
"@alexadark/amadeus-api",
"@alexadark/gatsby-theme-events",
"@alexadark/gatsby-theme-wordpress-blog",
"@alexadark/reusable-functions",
"@alexcolls/nuxt-socket.io",
"@alexcolls/nuxt-socket.io",
"@alexcolls/nuxt-ux",
"@alexcolls/nuxt-ux",
"@antstackio/eslint-config-antstack",
"@antstackio/express-graphql-proxy",
"@antstackio/graphql-body-parser",
"@antstackio/json-to-graphql",
"@antstackio/shelbysam",
"@aryanhussain/my-angular-lib",
"@asyncapi/avro-schema-parser",
"@asyncapi/avro-schema-parser",
"@asyncapi/bundler",
"@asyncapi/bundler",
"@asyncapi/cli",
"@asyncapi/cli",
"@asyncapi/converter",
"@asyncapi/converter",
"@asyncapi/diff",
"@asyncapi/diff",
"@asyncapi/dotnet-rabbitmq-template",
"@asyncapi/dotnet-rabbitmq-template",
"@asyncapi/edavisualiser",
"@asyncapi/edavisualiser",
"@asyncapi/generator",
"@asyncapi/generator",
"@asyncapi/generator-components",
"@asyncapi/generator-components",
"@asyncapi/generator-helpers",
"@asyncapi/generator-helpers",
"@asyncapi/generator-react-sdk",
"@asyncapi/generator-react-sdk",
"@asyncapi/go-watermill-template",
"@asyncapi/go-watermill-template",
"@asyncapi/html-template",
"@asyncapi/html-template",
"@asyncapi/java-spring-cloud-stream-template",
"@asyncapi/java-spring-cloud-stream-template",
"@asyncapi/java-spring-template",
"@asyncapi/java-spring-template",
"@asyncapi/java-template",
"@asyncapi/java-template",
"@asyncapi/keeper",
"@asyncapi/keeper",
"@asyncapi/markdown-template",
"@asyncapi/markdown-template",
"@asyncapi/modelina",
"@asyncapi/modelina-cli",
"@asyncapi/modelina-cli",
"@asyncapi/multi-parser",
"@asyncapi/multi-parser",
"@asyncapi/nodejs-template",
"@asyncapi/nodejs-template",
"@asyncapi/nodejs-ws-template",
"@asyncapi/nodejs-ws-template",
"@asyncapi/nunjucks-filters",
"@asyncapi/nunjucks-filters",
"@asyncapi/openapi-schema-parser",
"@asyncapi/openapi-schema-parser",
"@asyncapi/optimizer",
"@asyncapi/optimizer",
"@asyncapi/parser",
"@asyncapi/parser",
"@asyncapi/php-template",
"@asyncapi/php-template",
"@asyncapi/problem",
"@asyncapi/problem",
"@asyncapi/protobuf-schema-parser",
"@asyncapi/protobuf-schema-parser",
"@asyncapi/protobuf-schema-parser",
"@asyncapi/python-paho-template",
"@asyncapi/python-paho-template",
"@asyncapi/react-component",
"@asyncapi/react-component",
"@asyncapi/server-api",
"@asyncapi/server-api",
"@asyncapi/specs",
"@asyncapi/specs",
"@asyncapi/studio",
"@asyncapi/studio",
"@asyncapi/web-component",
"@asyncapi/web-component",
"@bdkinc/knex-ibmi",
"@browserbasehq/bb9",
"@browserbasehq/director-ai",
"@browserbasehq/mcp",
"@browserbasehq/mcp-server-browserbase",
"@browserbasehq/sdk-functions",
"@browserbasehq/stagehand",
"@browserbasehq/stagehand-docs",
"@caretive/caret-cli",
"@chtijs/eslint-config",
"@clausehq/flows-step-httprequest",
"@clausehq/flows-step-jsontoxml",
"@clausehq/flows-step-mqtt",
"@clausehq/flows-step-sendgridemail",
"@clausehq/flows-step-taskscreateurl",
"@cllbk/ghl",
"@commute/bloom",
"@commute/market-data",
"@commute/market-data-chartjs",
"@dev-blinq/ai-qa-logic",
"@dev-blinq/blinqioclient",
"@dev-blinq/cucumber-js",
"@dev-blinq/cucumber_client",
"@dev-blinq/ui-systems",
"@ensdomains/address-encoder",
"@ensdomains/blacklist",
"@ensdomains/buffer",
"@ensdomains/ccip-read-cf-worker",
"@ensdomains/ccip-read-dns-gateway",
"@ensdomains/ccip-read-router",
"@ensdomains/ccip-read-worker-viem",
"@ensdomains/content-hash",
"@ensdomains/curvearithmetics",
"@ensdomains/cypress-metamask",
"@ensdomains/dnsprovejs",
"@ensdomains/dnssec-oracle-anchors",
"@ensdomains/dnssecoraclejs",
"@ensdomains/durin",
"@ensdomains/durin-middleware",
"@ensdomains/ens-archived-contracts",
"@ensdomains/ens-avatar",
"@ensdomains/ens-contracts",
"@ensdomains/ens-test-env",
"@ensdomains/ens-validation",
"@ensdomains/ensjs",
"@ensdomains/ensjs-react",
"@ensdomains/eth-ens-namehash",
"@ensdomains/hackathon-registrar",
"@ensdomains/hardhat-chai-matchers-viem",
"@ensdomains/hardhat-toolbox-viem-extended",
"@ensdomains/mock",
"@ensdomains/name-wrapper",
"@ensdomains/offchain-resolver-contracts",
"@ensdomains/op-resolver-contracts",
"@ensdomains/react-ens-address",
"@ensdomains/renewal",
"@ensdomains/renewal-widget",
"@ensdomains/reverse-records",
"@ensdomains/server-analytics",
"@ensdomains/solsha1",
"@ensdomains/subdomain-registrar",
"@ensdomains/test-utils",
"@ensdomains/thorin",
"@ensdomains/ui",
"@ensdomains/unicode-confusables",
"@ensdomains/unruggable-gateways",
"@ensdomains/vite-plugin-i18next-loader",
"@ensdomains/web3modal",
"@everreal/react-charts",
"@everreal/validate-esmoduleinterop-imports",
"@everreal/web-analytics",
"@faq-component/core",
"@faq-component/react",
"@fishingbooker/browser-sync-plugin",
"@fishingbooker/react-loader",
"@fishingbooker/react-pagination",
"@fishingbooker/react-raty",
"@fishingbooker/react-swiper",
"@hapheus/n8n-nodes-pgp",
"@hover-design/core",
"@hover-design/react",
"@huntersofbook/auth-vue",
"@huntersofbook/core",
"@huntersofbook/core-nuxt",
"@huntersofbook/form-naiveui",
"@huntersofbook/i18n",
"@huntersofbook/ui",
"@hyperlook/telemetry-sdk",
"@ifelsedeveloper/protocol-contracts-svm-idl",
"@ifelsedeveloper/protocol-contracts-svm-idl",
"@ifings/design-system",
"@ifings/metatron3",
"@jayeshsadhwani/telemetry-sdk",
"@kvytech/cli",
"@kvytech/components",
"@kvytech/habbit-e2e-test",
"@kvytech/medusa-plugin-announcement",
"@kvytech/medusa-plugin-management",
"@kvytech/medusa-plugin-newsletter",
"@kvytech/medusa-plugin-product-reviews",
"@kvytech/medusa-plugin-promotion",
"@kvytech/web",
"@lessondesk/api-client",
"@lessondesk/api-client",
"@lessondesk/babel-preset",
"@lessondesk/electron-group-api-client",
"@lessondesk/eslint-config",
"@lessondesk/material-icons",
"@lessondesk/react-table-context",
"@lessondesk/schoolbus",
"@lessondesk/schoolbus",
"@livecms/live-edit",
"@livecms/nuxt-live-edit",
"@lokeswari-satyanarayanan/rn-zustand-expo-template",
"@louisle2/core",
"@louisle2/cortex-js",
"@lpdjs/firestore-repo-service",
"@lui-ui/lui-nuxt",
"@lui-ui/lui-tailwindcss",
"@lui-ui/lui-vue",
"@markvivanco/app-version-checker",
"@mcp-use/cli",
"@mcp-use/cli",
"@mcp-use/inspector",
"@mcp-use/inspector",
"@mcp-use/mcp-use",
"@mcp-use/mcp-use",
"@micado-digital/stadtmarketing-kufstein-external",
"@ntnx/passport-wso2",
"@ntnx/t",
"@oku-ui/accordion",
"@oku-ui/alert-dialog",
"@oku-ui/arrow",
"@oku-ui/aspect-ratio",
"@oku-ui/avatar",
"@oku-ui/checkbox",
"@oku-ui/collapsible",
"@oku-ui/collection",
"@oku-ui/dialog",
"@oku-ui/direction",
"@oku-ui/dismissable-layer",
"@oku-ui/focus-guards",
"@oku-ui/focus-scope",
"@oku-ui/hover-card",
"@oku-ui/label",
"@oku-ui/menu",
"@oku-ui/motion",
"@oku-ui/motion-nuxt",
"@oku-ui/popover",
"@oku-ui/popper",
"@oku-ui/portal",
"@oku-ui/presence",
"@oku-ui/primitive",
"@oku-ui/primitives",
"@oku-ui/primitives-nuxt",
"@oku-ui/progress",
"@oku-ui/provide",
"@oku-ui/radio-group",
"@oku-ui/roving-focus",
"@oku-ui/scroll-area",
"@oku-ui/separator",
"@oku-ui/slider",
"@oku-ui/slot",
"@oku-ui/switch",
"@oku-ui/tabs",
"@oku-ui/toast",
"@oku-ui/toggle",
"@oku-ui/toggle-group",
"@oku-ui/toolbar",
"@oku-ui/tooltip",
"@oku-ui/use-composable",
"@oku-ui/utils",
"@oku-ui/visually-hidden",
"@orbitgtbelgium/mapbox-gl-draw-cut-polygon-mode",
"@orbitgtbelgium/mapbox-gl-draw-scale-rotate-mode",
"@orbitgtbelgium/orbit-components",
"@orbitgtbelgium/time-slider",
"@osmanekrem/bmad",
"@osmanekrem/error-handler",
"@pergel/cli",
"@pergel/module-box",
"@pergel/module-graphql",
"@pergel/module-ui",
"@pergel/nuxt",
"@posthog/agent",
"@posthog/ai",
"@posthog/automatic-cohorts-plugin",
"@posthog/bitbucket-release-tracker",
"@posthog/cli",
"@posthog/clickhouse",
"@posthog/core",
"@posthog/currency-normalization-plugin",
"@posthog/customerio-plugin",
"@posthog/databricks-plugin",
"@posthog/drop-events-on-property-plugin",
"@posthog/event-sequence-timer-plugin",
"@posthog/filter-out-plugin",
"@posthog/first-time-event-tracker",
"@posthog/geoip-plugin",
"@posthog/github-release-tracking-plugin",
"@posthog/gitub-star-sync-plugin",
"@posthog/heartbeat-plugin",
"@posthog/hedgehog-mode",
"@posthog/icons",
"@posthog/ingestion-alert-plugin",
"@posthog/intercom-plugin",
"@posthog/kinesis-plugin",
"@posthog/laudspeaker-plugin",
"@posthog/lemon-ui",
"@posthog/maxmind-plugin",
"@posthog/migrator3000-plugin",
"@posthog/netdata-event-processing",
"@posthog/nextjs",
"@posthog/nextjs-config",
"@posthog/nuxt",
"@posthog/pagerduty-plugin",
"@posthog/piscina",
"@posthog/plugin-contrib",
"@posthog/plugin-server",
"@posthog/plugin-unduplicates",
"@posthog/postgres-plugin",
"@posthog/react-rrweb-player",
"@posthog/rrdom",
"@posthog/rrweb",
"@posthog/rrweb-player",
"@posthog/rrweb-record",
"@posthog/rrweb-replay",
"@posthog/rrweb-snapshot",
"@posthog/rrweb-utils",
"@posthog/sendgrid-plugin",
"@posthog/siphash",
"@posthog/snowflake-export-plugin",
"@posthog/taxonomy-plugin",
"@posthog/twilio-plugin",
"@posthog/twitter-followers-plugin",
"@posthog/url-normalizer-plugin",
"@posthog/variance-plugin",
"@posthog/web-dev-server",
"@posthog/wizard",
"@posthog/zendesk-plugin",
"@postman/csv-parse",
"@postman/csv-parse",
"@postman/final-node-keytar",
"@postman/final-node-keytar",
"@postman/final-node-keytar",
"@postman/mcp-ui-client",
"@postman/mcp-ui-client",
"@postman/node-keytar",
"@postman/node-keytar",
"@postman/pm-bin-linux-x64",
"@postman/pm-bin-linux-x64",
"@postman/pm-bin-linux-x64",
"@postman/pm-bin-macos-arm64",
"@postman/pm-bin-macos-arm64",
"@postman/pm-bin-macos-x64",
"@postman/pm-bin-macos-x64",
"@postman/pm-bin-windows-x64",
"@postman/pm-bin-windows-x64",
"@postman/postman-collection-fork",
"@postman/postman-collection-fork",
"@postman/postman-mcp-cli",
"@postman/postman-mcp-cli",
"@postman/postman-mcp-cli",
"@postman/postman-mcp-server",
"@postman/postman-mcp-server",
"@postman/pretty-ms",
"@postman/pretty-ms",
"@postman/pretty-ms",
"@postman/secret-scanner-wasm",
"@postman/secret-scanner-wasm",
"@postman/tunnel-agent",
"@postman/tunnel-agent",
"@postman/wdio-allure-reporter",
"@postman/wdio-allure-reporter",
"@postman/wdio-junit-reporter",
"@postman/wdio-junit-reporter",
"@postman/wdio-junit-reporter",
"@pradhumngautam/common-app",
"@productdevbook/animejs-vue",
"@productdevbook/auth",
"@productdevbook/chatwoot",
"@productdevbook/motion",
"@productdevbook/ts-i18n",
"@pruthvi21/use-debounce",
"@quick-start-soft/quick-document-translator",
"@quick-start-soft/quick-git-clean-markdown",
"@quick-start-soft/quick-markdown",
"@quick-start-soft/quick-markdown-compose",
"@quick-start-soft/quick-markdown-image",
"@quick-start-soft/quick-markdown-print",
"@quick-start-soft/quick-markdown-translator",
"@quick-start-soft/quick-remove-image-background",
"@quick-start-soft/quick-task-refine",
"@relyt/claude-context-core",
"@relyt/claude-context-mcp",
"@sameepsi/sor",
"@sameepsi/sor2",
"@seezo/sdr-mcp-server",
"@seung-ju/next",
"@seung-ju/openapi-generator",
"@seung-ju/react-hooks",
"@seung-ju/react-native-action-sheet",
"@silgi/better-auth",
"@silgi/drizzle",
"@silgi/ecosystem",
"@silgi/graphql",
"@silgi/module-builder",
"@silgi/openapi",
"@silgi/permission",
"@silgi/ratelimit",
"@silgi/scalar",
"@silgi/yoga",
"@sme-ui/aoma-vevasound-metadata-lib",
"@strapbuild/react-native-date-time-picker",
"@strapbuild/react-native-perspective-image-cropper",
"@strapbuild/react-native-perspective-image-cropper-2",
"@strapbuild/react-native-perspective-image-cropper-poojan31",
"@suraj_h/medium-common",
"@thedelta/eslint-config",
"@tiaanduplessis/json",
"@tiaanduplessis/json",
"@tiaanduplessis/react-progressbar",
"@tiaanduplessis/react-progressbar",
"@trackstar/angular-trackstar-link",
"@trackstar/react-trackstar-link",
"@trackstar/react-trackstar-link-upgrade",
"@trackstar/test-angular-package",
"@trackstar/test-package",
"@trefox/sleekshop-js",
"@trigo/atrix",
"@trigo/atrix-acl",
"@trigo/atrix-elasticsearch",
"@trigo/atrix-mongoose",
"@trigo/atrix-orientdb",
"@trigo/atrix-postgres",
"@trigo/atrix-pubsub",
"@trigo/atrix-redis",
"@trigo/atrix-soap",
"@trigo/atrix-swagger",
"@trigo/bool-expressions",
"@trigo/eslint-config-trigo",
"@trigo/fsm",
"@trigo/hapi-auth-signedlink",
"@trigo/jsdt",
"@trigo/keycloak-api",
"@trigo/node-soap",
"@trigo/pathfinder-ui-css",
"@trigo/trigo-hapijs",
"@trpc-rate-limiter/cloudflare",
"@trpc-rate-limiter/hono",
"@varsityvibe/api-client",
"@varsityvibe/api-client",
"@varsityvibe/utils",
"@varsityvibe/validation-schemas",
"@varsityvibe/validation-schemas",
"@viapip/eslint-config",
"@vishadtyagi/full-year-calendar",
"@voiceflow/alexa-types",
"@voiceflow/anthropic",
"@voiceflow/anthropic",
"@voiceflow/api-sdk",
"@voiceflow/backend-utils",
"@voiceflow/backend-utils",
"@voiceflow/base-types",
"@voiceflow/base-types",
"@voiceflow/body-parser",
"@voiceflow/body-parser",
"@voiceflow/chat-types",
"@voiceflow/chat-types",
"@voiceflow/circleci-config-sdk-orb-import",
"@voiceflow/circleci-config-sdk-orb-import",
"@voiceflow/commitlint-config",
"@voiceflow/common",
"@voiceflow/common",
"@voiceflow/default-prompt-wrappers",
"@voiceflow/default-prompt-wrappers",
"@voiceflow/dependency-cruiser-config",
"@voiceflow/dependency-cruiser-config",
"@voiceflow/dtos-interact",
"@voiceflow/dtos-interact",
"@voiceflow/encryption",
"@voiceflow/encryption",
"@voiceflow/eslint-config",
"@voiceflow/eslint-config",
"@voiceflow/eslint-plugin",
"@voiceflow/eslint-plugin",
"@voiceflow/exception",
"@voiceflow/exception",
"@voiceflow/fetch",
"@voiceflow/fetch",
"@voiceflow/general-types",
"@voiceflow/general-types",
"@voiceflow/git-branch-check",
"@voiceflow/google-dfes-types",
"@voiceflow/google-dfes-types",
"@voiceflow/google-types",
"@voiceflow/husky-config",
"@voiceflow/logger",
"@voiceflow/logger",
"@voiceflow/metrics",
"@voiceflow/metrics",
"@voiceflow/natural-language-commander",
"@voiceflow/natural-language-commander",
"@voiceflow/nestjs-common",
"@voiceflow/nestjs-common",
"@voiceflow/nestjs-mongodb",
"@voiceflow/nestjs-mongodb",
"@voiceflow/nestjs-rate-limit",
"@voiceflow/nestjs-rate-limit",
"@voiceflow/nestjs-redis",
"@voiceflow/nestjs-redis",
"@voiceflow/nestjs-timeout",
"@voiceflow/npm-package-json-lint-config",
"@voiceflow/openai",
"@voiceflow/openai",
"@voiceflow/pino",
"@voiceflow/pino",
"@voiceflow/pino-pretty",
"@voiceflow/pino-pretty",
"@voiceflow/prettier-config",
"@voiceflow/react-chat",
"@voiceflow/runtime",
"@voiceflow/runtime",
"@voiceflow/runtime-client-js",
"@voiceflow/runtime-client-js",
"@voiceflow/sdk-runtime",
"@voiceflow/sdk-runtime",
"@voiceflow/secrets-provider",
"@voiceflow/semantic-release-config",
"@voiceflow/serverless-plugin-typescript",
"@voiceflow/serverless-plugin-typescript",
"@voiceflow/slate-serializer",
"@voiceflow/slate-serializer",
"@voiceflow/stitches-react",
"@voiceflow/stitches-react",
"@voiceflow/storybook-config",
"@voiceflow/storybook-config",
"@voiceflow/stylelint-config",
"@voiceflow/test-common",
"@voiceflow/test-common",
"@voiceflow/tsconfig",
"@voiceflow/tsconfig-paths",
"@voiceflow/tsconfig-paths",
"@voiceflow/utils-designer",
"@voiceflow/verror",
"@voiceflow/vite-config",
"@voiceflow/vite-config",
"@voiceflow/vitest-config",
"@voiceflow/vitest-config",
"@voiceflow/voice-types",
"@voiceflow/voice-types",
"@voiceflow/voiceflow-types",
"@voiceflow/voiceflow-types",
"@voiceflow/widget",
"@voiceflow/widget",
"@vucod/email",
"@zapier/ai-actions",
"@zapier/ai-actions",
"@zapier/ai-actions",
"@zapier/ai-actions-react",
"@zapier/ai-actions-react",
"@zapier/ai-actions-react",
"@zapier/babel-preset-zapier",
"@zapier/babel-preset-zapier",
"@zapier/babel-preset-zapier",
"@zapier/browserslist-config-zapier",
"@zapier/browserslist-config-zapier",
"@zapier/browserslist-config-zapier",
"@zapier/eslint-plugin-zapier",
"@zapier/eslint-plugin-zapier",
"@zapier/eslint-plugin-zapier",
"@zapier/mcp-integration",
"@zapier/mcp-integration",
"@zapier/mcp-integration",
"@zapier/secret-scrubber",
"@zapier/secret-scrubber",
"@zapier/secret-scrubber",
"@zapier/spectral-api-ruleset",
"@zapier/spectral-api-ruleset",
"@zapier/spectral-api-ruleset",
"@zapier/stubtree",
"@zapier/stubtree",
"@zapier/stubtree",
"@zapier/zapier-sdk",
"@zapier/zapier-sdk",
"@zapier/zapier-sdk",
"ai-crowl-shield",
"arc-cli-fc",
"asciitranslator",
"asyncapi-preview",
"asyncapi-preview",
"atrix",
"atrix-mongoose",
"automation_model",
"avvvatars-vue",
"axios-builder",
"axios-cancelable",
"axios-cancelable",
"axios-timed",
"axios-timed",
"barebones-css",
"barebones-css",
"benmostyn-frame-print",
"best_gpio_controller",
"better-auth-nuxt",
"bidirectional-adapter",
"bidirectional-adapter",
"bidirectional-adapter",
"bidirectional-adapter",
"blinqio-executions-cli",
"blob-to-base64",
"bool-expressions",
"buffered-interpolation-babylon6",
"bun-plugin-httpfile",
"bytecode-checker-cli",
"bytecode-checker-cli",
"bytecode-checker-cli",
"bytecode-checker-cli",
"bytes-to-x",
"calc-loan-interest",
"capacitor-plugin-apptrackingios",
"capacitor-plugin-purchase",
"capacitor-plugin-scgssigninwithgoogle",
"capacitor-purchase-history",
"capacitor-voice-recorder-wav",
"ceviz",
"chrome-extension-downloads",
"chrome-extension-downloads",
"claude-token-updater",
"coinmarketcap-api",
"coinmarketcap-api",
"colors-regex",
"command-irail",
"compare-obj",
"compare-obj",
"composite-reducer",
"composite-reducer",
"composite-reducer",
"composite-reducer",
"count-it-down",
"count-it-down",
"cpu-instructions",
"create-director-app",
"create-glee-app",
"create-glee-app",
"create-hardhat3-app",
"create-hardhat3-app",
"create-hardhat3-app",
"create-hardhat3-app",
"create-mcp-use-app",
"create-mcp-use-app",
"create-silgi",
"crypto-addr-codec",
"css-dedoupe",
"csv-tool-cli",
"dashboard-empty-state",
"designstudiouiux",
"devstart-cli",
"dialogflow-es",
"dialogflow-es",
"dialogflow-es",
"discord-bot-server",
"docusaurus-plugin-vanilla-extract",
"dont-go",
"dotnet-template",
"dotnet-template",
"drop-events-on-property-plugin",
"easypanel-sdk",
"email-deliverability-tester",
"enforce-branch-name",
"esbuild-plugin-brotli",
"esbuild-plugin-eta",
"esbuild-plugin-httpfile",
"eslint-config-nitpicky",
"eslint-config-trigo",
"eslint-config-zeallat-base",
"ethereum-ens",
"evm-checkcode-cli",
"evm-checkcode-cli",
"evm-checkcode-cli",
"evm-checkcode-cli",
"exact-ticker",
"expo-audio-session",
"expo-router-on-rails",
"express-starter-template",
"expressos",
"fat-fingered",
"fat-fingered",
"feature-flip",
"feature-flip",
"firestore-search-engine",
"fittxt",
"fittxt",
"flapstacks",
"flapstacks",
"flatten-unflatten",
"flatten-unflatten",
"formik-error-focus",
"formik-store",
"frontity-starter-theme",
"fuzzy-finder",
"fuzzy-finder",
"gate-evm-check-code2",
"gate-evm-check-code2",
"gate-evm-check-code2",
"gate-evm-check-code2",
"gate-evm-tools-test",
"gate-evm-tools-test",
"gate-evm-tools-test",
"gate-evm-tools-test",
"gatsby-plugin-antd",
"gatsby-plugin-cname",
"gatsby-plugin-cname",
"generator-meteor-stock",
"generator-ng-itobuz",
"get-them-args",
"github-action-for-generator",
"github-action-for-generator",
"gitsafe",
"go-template",
"go-template",
"gulp-inject-envs",
"gulp-inject-envs",
"haufe-axera-api-client",
"hope-mapboxdraw",
"hopedraw",
"hover-design-prototype",
"httpness",
"httpness",
"hyper-fullfacing",
"hyperterm-hipster",
"ids-css",
"ids-enterprise-mcp-server",
"ids-enterprise-typings",
"image-to-uri",
"image-to-uri",
"insomnia-plugin-random-pick",
"invo",
"iron-shield-miniapp",
"ito-button",
"itobuz-angular",
"itobuz-angular-auth",
"itobuz-angular-button",
"jacob-zuma",
"jacob-zuma",
"jaetut-varit-test",
"jan-browser",
"jquery-bindings",
"jquery-bindings",
"jsonsurge",
"just-toasty",
"kill-port",
"kill-port",
"kinetix-default-token-list",
"kns-error-code",
"korea-administrative-area-geo-json-util",
"kwami",
"kwami",
"lang-codes",
"lang-codes",
"license-o-matic",
"license-o-matic",
"lint-staged-imagemin",
"lint-staged-imagemin",
"lite-serper-mcp-server",
"lui-vue-test",
"luno-api",
"m25-transaction-utils",
"manual-billing-system-miniapp-api",
"mcp-use",
"mcp-use",
"medusa-plugin-announcement",
"medusa-plugin-logs",
"medusa-plugin-momo",
"medusa-plugin-product-reviews-kvy",
"medusa-plugin-zalopay",
"mod10-check-digit",
"mon-package-react-typescript",
"my-saeed-lib",
"n8n-nodes-tmdb",
"n8n-nodes-vercel-ai-sdk",
"n8n-nodes-viral-app",
"nanoreset",
"nanoreset",
"next-circular-dependency",
"next-circular-dependency",
"next-simple-google-analytics",
"next-simple-google-analytics",
"next-styled-nprogress",
"next-styled-nprogress",
"ngx-useful-swiper-prosenjit",
"ngx-wooapi",
"nitro-graphql",
"nitro-kutu",
"nitrodeploy",
"nitroping",
"normal-store",
"normal-store",
"normal-store",
"normal-store",
"nuxt-keycloak",
"obj-to-css",
"obj-to-css",
"okta-react-router-6",
"open2internet",
"orbit-boxicons",
"orbit-nebula-draw-tools",
"orbit-nebula-editor",
"orbit-soap",
"orchestrix",
"package-tester",
"parcel-plugin-asset-copier",
"parcel-plugin-asset-copier",
"pdf-annotation",
"pergel",
"pergeltest",
"piclite",
"pico-uid",
"pico-uid",
"pkg-readme",
"poper-react-sdk",
"posthog-docusaurus",
"posthog-js",
"posthog-node",
"posthog-node",
"posthog-plugin-hello-world",
"posthog-react-native",
"posthog-react-native",
"posthog-react-native-session-replay",
"prime-one-table",
"prompt-eng",
"prompt-eng-server",
"puny-req",
"quickswap-ads-list",
"quickswap-default-staking-list",
"quickswap-default-staking-list-address",
"quickswap-default-token-list",
"quickswap-router-sdk",
"quickswap-sdk",
"quickswap-smart-order-router",
"quickswap-token-lists",
"quickswap-v2-sdk",
"ra-auth-firebase",
"ra-data-firebase",
"ra-data-firebase",
"react-component-taggers",
"react-data-to-export",
"react-element-prompt-inspector",
"react-favic",
"react-hook-form-persist",
"react-hook-form-persist",
"react-jam-icons",
"react-jam-icons",
"react-keycloak-context",
"react-keycloak-context",
"react-library-setup",
"react-linear-loader",
"react-micromodal.js",
"react-micromodal.js",
"react-native-datepicker-modal",
"react-native-datepicker-modal",
"react-native-email",
"react-native-email",
"react-native-fetch",
"react-native-fetch",
"react-native-get-pixel-dimensions",
"react-native-get-pixel-dimensions",
"react-native-google-maps-directions",
"react-native-jam-icons",
"react-native-jam-icons",
"react-native-log-level",
"react-native-log-level",
"react-native-modest-checkbox",
"react-native-modest-storage",
"react-native-phone-call",
"react-native-phone-call",
"react-native-retriable-fetch",
"react-native-retriable-fetch",
"react-native-use-modal",
"react-native-view-finder",
"react-native-view-finder",
"react-native-websocket",
"react-native-websocket",
"react-native-worklet-functions",
"react-packery-component",
"react-qr-image",
"react-scrambled-text",
"rediff",
"rediff-viewer",
"redux-forge",
"redux-router-kit",
"redux-router-kit",
"redux-router-kit",
"revenuecat",
"rollup-plugin-httpfile",
"sa-company-registration-number-regex",
"sa-company-registration-number-regex",
"sa-id-gen",
"sa-id-gen",
"samesame",
"scgs-capacitor-subscribe",
"scgsffcreator",
"schob",
"selenium-session",
"selenium-session-client",
"set-nested-prop",
"set-nested-prop",
"shelf-jwt-sessions",
"shell-exec",
"shell-exec",
"shinhan-limit-scrap",
"silgi",
"simplejsonform",
"skills-use",
"skills-use",
"solomon-api-stories",
"solomon-v3-stories",
"solomon-v3-ui-wrapper",
"soneium-acs",
"sort-by-distance",
"south-african-id-info",
"stat-fns",
"stoor",
"sufetch",
"super-commit",
"svelte-autocomplete-select",
"svelte-toasty",
"svelte-toasty",
"tanstack-shadcn-table",
"tavily-module",
"tcsp",
"tcsp-draw-test",
"tcsp-test-vd",
"template-lib",
"template-lib",
"template-micro-service",
"template-micro-service",
"tenacious-fetch",
"tenacious-fetch",
"test-foundry-app",
"test-foundry-app",
"test-foundry-app",
"test-foundry-app",
"test-hardhat-app",
"test-hardhat-app",
"test-hardhat-app",
"test-hardhat-app",
"test23112222-api",
"tiaan",
"tiptap-shadcn-vue",
"token.js-fork",
"toonfetch",
"trigo-react-app",
"ts-relay-cursor-paging",
"typeface-antonio-complete",
"typefence",
"typefence",
"typeorm-orbit",
"unadapter",
"undefsafe-typed",
"unemail",
"uniswap-router-sdk",
"uniswap-smart-order-router",
"uniswap-test-sdk-core",
"unsearch",
"uplandui",
"upload-to-play-store",
"upload-to-play-store",
"url-encode-decode",
"url-encode-decode",
"use-unsaved-changes",
"v-plausible",
"valid-south-african-id",
"valuedex-sdk",
"vf-oss-template",
"vf-oss-template",
"vf-oss-template",
"victoria-wallet-constants",
"victoria-wallet-constants",
"victoria-wallet-core",
"victoria-wallet-core",
"victoria-wallet-type",
"victoria-wallet-type",
"victoria-wallet-utils",
"victoria-wallet-utils",
"victoria-wallet-validator",
"victoria-wallet-validator",
"victoriaxoaquyet-wallet-core",
"victoriaxoaquyet-wallet-core",
"vite-plugin-httpfile",
"vue-browserupdate-nuxt",
"wallet-evm",
"wallet-evm",
"wallet-type",
"wallet-type",
"web-scraper-mcp",
"web-types-htmx",
"web-types-lit",
"webpack-loader-httpfile",
"wellness-expert-ng-gallery",
"wenk",
"wenk",
"zapier-async-storage",
"zapier-async-storage",
"zapier-async-storage",
"zapier-platform-cli",
"zapier-platform-cli",
"zapier-platform-cli",
"zapier-platform-core",
"zapier-platform-core",
"zapier-platform-core",
"zapier-platform-legacy-scripting-runner",
"zapier-platform-legacy-scripting-runner",
"zapier-platform-legacy-scripting-runner",
"zapier-platform-schema",
"zapier-platform-schema",
"zapier-platform-schema",
"zapier-scripts",
"zapier-scripts",
"zuper-cli",
"zuper-sdk",
"zuper-stream",
];
/**
Script to scan all projects with NPM dependencies for packages that were affected by the Sha1-hulud 2.0 security threat.
Only checks for repo's that use npm or yarn 1.x.
Based on an original script written by [Paul van den Dool](https://github.com/PaulvdDool).
*/
function checkPackageLockFile(pathToLockFile, folderPath, file) {
let json;
try {
json = JSON.parse(fs.readFileSync(pathToLockFile, "utf8"));
} catch (e) {
console.log(`❌ ${pathToLockFile} → cannot parse ${file}`);
return;
}
const packages = Object.keys(json.packages || {});
const matches = new Set();
for (const key of packages) {
for (const item of watchList) {
if (key.includes(`node_modules/${item}`)) {
matches.add(item);
}
}
}
const repoName = path.basename(folderPath);
if (matches.size > 0) {
console.log(
`⚠️ ${folderPath}: ${repoName} → ${Array.from(matches).join(", ")}`
);
} else {
console.log(`✅ ${folderPath}: ${repoName} → nothing found`);
}
}
function checkYarnLockFile(pathToLockFile, folderPath, file) {
let lockFileContent;
try {
lockFileContent = fs.readFileSync(pathToLockFile, "utf8");
} catch (e) {
console.log(`❌ ${pathToLockFile} → cannot read ${file}`);
return;
}
const matches = new Set();
for (const item of watchList) {
if (lockFileContent.includes(item)) {
matches.add(item);
}
}
const repoName = path.basename(folderPath);
if (matches.size > 0) {
console.log(
`⚠️ ${folderPath}: ${repoName} → ${Array.from(matches).join(", ")}`
);
} else {
console.log(`✅ ${folderPath}: ${repoName} → nothing found`);
}
}
function scanDirectory(dirPath, file) {
const lockFile = path.join(dirPath, file);
// Check if package-lock.json exists in this directory
if (fs.existsSync(lockFile)) {
console.log(`Checking ${lockFile}...`);
if (file === "package-lock.json") {
checkPackageLockFile(lockFile, dirPath, file);
} else if (file === "yarn.lock") {
checkYarnLockFile(lockFile, dirPath, file);
}
}
// Recurse into subdirectories, but skip node_modules
try {
const entries = fs.readdirSync(dirPath, { withFileTypes: true });
for (const entry of entries) {
if (entry.isDirectory() && entry.name !== "node_modules") {
const subDirPath = path.join(dirPath, entry.name);
scanDirectory(subDirPath, file);
}
}
} catch (e) {
console.log(`❌ ${dirPath} → ${e.message}`);
// Skip directories we can't read (permissions, etc.)
}
}
const parentFolder = process.argv[2] || ".";
console.log("Scanning package-lock.json files...");
scanDirectory(parentFolder, "package-lock.json");
console.log("Scan done.");
console.log("--------------------------------");
console.log("Scanning yarn.lock files...");
scanDirectory(parentFolder, "yarn.lock");
console.log("Scan done.");
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment