Last active
March 23, 2016 17:55
-
-
Save ecmendenhall/0689e7e58ff58ac31451 to your computer and use it in GitHub Desktop.
A quick script to check npm dependencies for modules hijacked by nj48 (https://www.npmjs.com/~nj48)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
MATCHES=$(npm ls | grep -e " andthen@" \ | |
-e " anglicize@" \ | |
-e " ansi-codes@" \ | |
-e " atbash@" \ | |
-e " attr@" \ | |
-e " attrs@" \ | |
-e " available-slug@" \ | |
-e " background-image@" \ | |
-e " ballet@" \ | |
-e " binding@" \ | |
-e " bind-key@" \ | |
-e " blending-modes@" \ | |
-e " boxcars@" \ | |
-e " brick-browser@" \ | |
-e " brick-browserify-plugin@" \ | |
-e " brick-node@" \ | |
-e " browserify-length@" \ | |
-e " bud@" \ | |
-e " bud-babelify@" \ | |
-e " bud-browserify@" \ | |
-e " bud-concat@" \ | |
-e " bud-indexhtml@" \ | |
-e " bud-live-server@" \ | |
-e " call-all@" \ | |
-e " categorize-files@" \ | |
-e " center-box@" \ | |
-e " centered@" \ | |
-e " centered-cover-background@" \ | |
-e " change-object@" \ | |
-e " change-object-path@" \ | |
-e " checkfor@" \ | |
-e " cli-form@" \ | |
-e " cli-qa@" \ | |
-e " comma-list@" \ | |
-e " comp@" \ | |
-e " concat@" \ | |
-e " config-doc@" \ | |
-e " core-modules@" \ | |
-e " cover-background@" \ | |
-e " create-temp-dir@" \ | |
-e " debounce-fn@" \ | |
-e " declarative-js@" \ | |
-e " default-debug@" \ | |
-e " delegate-dom@" \ | |
-e " dom-children@" \ | |
-e " dom-classes@" \ | |
-e " dom-event@" \ | |
-e " domquery@" \ | |
-e " dom-select@" \ | |
-e " dom-style@" \ | |
-e " dom-tree@" \ | |
-e " dom-value@" \ | |
-e " door@" \ | |
-e " duba@" \ | |
-e " eksi-server@" \ | |
-e " eksi-sozluk@" \ | |
-e " english-time@" \ | |
-e " environ@" \ | |
-e " every-time@" \ | |
-e " expand-home-dir@" \ | |
-e " failing-code@" \ | |
-e " failing-line@" \ | |
-e " filename-id@" \ | |
-e " filter-stack@" \ | |
-e " findall@" \ | |
-e " first-val@" \ | |
-e " flat-glob@" \ | |
-e " flatten-array@" \ | |
-e " flickr-client@" \ | |
-e " flickr-favorites@" \ | |
-e " flickr-following@" \ | |
-e " flickr-generate-urls@" \ | |
-e " flickr-photo-brick@" \ | |
-e " flickr-photo-info@" \ | |
-e " flickr-photo-urls@" \ | |
-e " flickr-recent@" \ | |
-e " flickr-user@" \ | |
-e " flickr-user-feed@" \ | |
-e " format-date@" \ | |
-e " format-text@" \ | |
-e " fs-wrapd - v1.0.0@" \ | |
-e " functools@" \ | |
-e " genpkg@" \ | |
-e " get-json@" \ | |
-e " gezi@" \ | |
-e " gezi-core@" \ | |
-e " go-api-starter@" \ | |
-e " goodeggs-list@" \ | |
-e " goodeggs-login@" \ | |
-e " hide@" \ | |
-e " highkick@" \ | |
-e " htmlglue@" \ | |
-e " html-patcher@" \ | |
-e " iframe@" \ | |
-e " ignore-doc@" \ | |
-e " indexhtml@" \ | |
-e " indexhtml-cli@" \ | |
-e " infinite-scroll@" \ | |
-e " install-module@" \ | |
-e " is-node@" \ | |
-e " iter@" \ | |
-e " join-params@" \ | |
-e " jsify@" \ | |
-e " json-resources@" \ | |
-e " just-a-browserify-server@" \ | |
-e " just-a-server@" \ | |
-e " just-next-tick@" \ | |
-e " juxt@" \ | |
-e " key-event@" \ | |
-e " keyname-of@" \ | |
-e " keynames@" \ | |
-e " kurdish-time@" \ | |
-e " less-common-words@" \ | |
-e " level-client@" \ | |
-e " level-flush@" \ | |
-e " level-json@" \ | |
-e " level-json-cache@" \ | |
-e " level-json-wrapper@" \ | |
-e " limited-parallel-loop@" \ | |
-e " local-debug@" \ | |
-e " lowkick@" \ | |
-e " make-editable@" \ | |
-e " matches-dom-selector@" \ | |
-e " measure-time@" \ | |
-e " media@" \ | |
-e " medium-author@" \ | |
-e " medium-post@" \ | |
-e " memdiff@" \ | |
-e " memoize-async@" \ | |
-e " memoize-sync@" \ | |
-e " memoize-with-leveldb@" \ | |
-e " meta-tags@" \ | |
-e " methodify@" \ | |
-e " midibin-api@" \ | |
-e " midi-instrument@" \ | |
-e " midi-sdk@" \ | |
-e " mime-of@" \ | |
-e " mix-objects@" \ | |
-e " most-common-turkish-words@" \ | |
-e " most-common-words@" \ | |
-e " mp3s@" \ | |
-e " new-chain@" \ | |
-e " new-command@" \ | |
-e " new-element@" \ | |
-e " new-empty-array@" \ | |
-e " new-error@" \ | |
-e " new-format@" \ | |
-e " new-list@" \ | |
-e " new-object@" \ | |
-e " new-partial@" \ | |
-e " new-prop@" \ | |
-e " new-pubsub@" \ | |
-e " new-range@" \ | |
-e " new-reactive@" \ | |
-e " new-struct@" \ | |
-e " observer@" \ | |
-e " on-key-press@" \ | |
-e " on-off@" \ | |
-e " ourtunes@" \ | |
-e " outer-html@" \ | |
-e " package-path@" \ | |
-e " parallel-loop@" \ | |
-e " parallelly@" \ | |
-e " parse-path@" \ | |
-e " pause-function@" \ | |
-e " personal-api@" \ | |
-e " play-audio@" \ | |
-e " playfair-display@" \ | |
-e " play-url@" \ | |
-e " post-data@" \ | |
-e " pref@" \ | |
-e " prettify-error@" \ | |
-e " prompt-input@" \ | |
-e " propertify@" \ | |
-e " property@" \ | |
-e " prova@" \ | |
-e " provinces@" \ | |
-e " pt-mono@" \ | |
-e " pt-serif@" \ | |
-e " radio-paradise-api@" \ | |
-e " random-color@" \ | |
-e " rdio-js-api@" \ | |
-e " read-cli-input@" \ | |
-e " read-json@" \ | |
-e " refine-object@" \ | |
-e " relative-date@" \ | |
-e " remotely@" \ | |
-e " render-loop@" \ | |
-e " require-sdk@" \ | |
-e " right-pad@" \ | |
-e " route-map@" \ | |
-e " run-after@" \ | |
-e " run-paralelly@" \ | |
-e " run-serially@" \ | |
-e " sanitize-object@" \ | |
-e " scrape-eksi@" \ | |
-e " scrape-pages@" \ | |
-e " scrape-url@" \ | |
-e " scraping-eksi@" \ | |
-e " scroll-bottom@" \ | |
-e " select-dom@" \ | |
-e " serial-loop@" \ | |
-e " serially@" \ | |
-e " set-content-type@" \ | |
-e " setup-docker@" \ | |
-e " shell-jobs@" \ | |
-e " show-help@" \ | |
-e " show-version@" \ | |
-e " shuffle-array@" \ | |
-e " simple.io@" \ | |
-e " simulate-touch@" \ | |
-e " slug-to-title@" \ | |
-e " socks-browser@" \ | |
-e " soundcloud-stream@" \ | |
-e " stream-format@" \ | |
-e " strip@" \ | |
-e " style-dom@" \ | |
-e " style-format@" \ | |
-e " subscribe@" \ | |
-e " subscription@" \ | |
-e " title-from-url@" \ | |
-e " toba-batak-dictionary@" \ | |
-e " to-class-name@" \ | |
-e " toledo-chess@" \ | |
-e " to-slug@" \ | |
-e " to-title@" \ | |
-e " try-call@" \ | |
-e " turkish-alphabet@" \ | |
-e " turkish-synonyms-api@" \ | |
-e " turkish-time@" \ | |
-e " unique-now@" \ | |
-e " uniques@" \ | |
-e " uzo@" \ | |
-e " validate-value@" \ | |
-e " variable-name@" \ | |
-e " video-canvas@" \ | |
-e " video-dimensions@" \ | |
-e " virtual-glue@"); | |
if [ -z "${MATCHES// }" ]; then | |
echo "👍 No hijacked dependencies found."; | |
else | |
echo "🚫 Found hijacked dependencies:"; | |
echo "$MATCHES"; | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment