@alexgreenland
Last active December 16, 2025 18:18
[Updated 27 Nov 2025 00:21 UTC] Deep scan for bad NPM packages nested across projects - DFIR for Shai-Hulud cyberattack, Sep-Nov 2025
@ahmedhfarag/ngx-perfect-scrollbar
@ahmedhfarag/ngx-virtual-scroller
another-shai
@art-ws/common
@art-ws/config-eslint
@art-ws/config-ts
@art-ws/db-context
@art-ws/di-node
@art-ws/di
@art-ws/eslint
@art-ws/fastify-http-server
@art-ws/http-server
@art-ws/openapi
@art-ws/package-base
@art-ws/prettier
@art-ws/slf
@art-ws/ssl-info
@art-ws/web-app
@crowdstrike/commitlint
@crowdstrike/falcon-shoelace
@crowdstrike/foundry-js
@crowdstrike/glide-core
@crowdstrike/logscale-dashboard
@crowdstrike/logscale-file-editor
@crowdstrike/logscale-parser-edit
@crowdstrike/logscale-search
@crowdstrike/tailwind-toucan-base
@ctrl/deluge
@ctrl/golang-template
@ctrl/magnet-link
@ctrl/ngx-codemirror
@ctrl/ngx-csv
@ctrl/ngx-emoji-mart
@ctrl/ngx-rightclick
@ctrl/qbittorrent
@ctrl/react-adsense
@ctrl/shared-torrent
@ctrl/tinycolor
@ctrl/torrent-file
@ctrl/transmission
@ctrl/ts-base32
@hestjs/core
@hestjs/cqrs
@hestjs/demo
@hestjs/eslint-config
@hestjs/logger
@hestjs/scalar
@hestjs/validation
@nativescript-community/arraybuffers
@nativescript-community/gesturehandler
@nativescript-community/perms
@nativescript-community/sentry
@nativescript-community/sqlite
@nativescript-community/text
@nativescript-community/typeorm
@nativescript-community/ui-collectionview
@nativescript-community/ui-document-picker
@nativescript-community/ui-drawer
@nativescript-community/ui-image
@nativescript-community/ui-label
@nativescript-community/ui-material-bottom-navigation
@nativescript-community/ui-material-bottomsheet
@nativescript-community/ui-material-core-tabs
@nativescript-community/ui-material-core
@nativescript-community/ui-material-ripple
@nativescript-community/ui-material-tabs
@nativescript-community/ui-pager
@nativescript-community/ui-pulltorefresh
@nexe/config-manager
@nexe/eslint-config
@nexe/logger
@nstudio/angular
@nstudio/focus
@nstudio/nativescript-checkbox
@nstudio/nativescript-loading-indicator
@nstudio/ui-collectionview
@nstudio/web-angular
@nstudio/web
@nstudio/xplat-utils
@nstudio/xplat
@operato/board
@operato/data-grist
@operato/graphql
@operato/headroom
@operato/help
@operato/i18n
@operato/input
@operato/layout
@operato/popup
@operato/pull-to-refresh
@operato/shell
@operato/styles
@operato/utils
@teselagen/bio-parsers
@teselagen/bounce-loader
@teselagen/file-utils
@teselagen/liquibase-tools
@teselagen/ove
@teselagen/range-utils
@teselagen/react-list
@teselagen/react-table
@teselagen/sequence-utils
@teselagen/ui
@thangved/callback-window
@things-factory/attachment-base
@things-factory/auth-base
@things-factory/email-base
@things-factory/env
@things-factory/integration-base
@things-factory/integration-marketplace
@things-factory/shell
@tnf-dev/api
@tnf-dev/core
@tnf-dev/js
@tnf-dev/mui
@tnf-dev/react
@ui-ux-gang/devextreme-angular-rpk
@yoobic/design-system
@yoobic/jpeg-camera-es6
@yoobic/yobi
airchief
airpilot
angulartics2
browser-webdriver-downloader
capacitor-notificationhandler
capacitor-plugin-healthapp
capacitor-plugin-ihealth
capacitor-plugin-vonage
capacitorandroidpermissions
config-cordova
cordova-plugin-voxeet2
cordova-voxeet
create-hest-app
db-evo
devextreme-angular-rpk
ember-browser-services
ember-headless-form-yup
ember-headless-form
ember-headless-table
ember-url-hash-polyfill
ember-velcro
encounter-playground
eslint-config-crowdstrike-node
eslint-config-crowdstrike
slint-config-teselagen
eslint-config-teselagen
globalize-rpk
graphql-sequelize-teselagen
html-to-base64-image
json-rules-engine-simplified
jumpgate
koa2-swagger-ui
mcfly-semantic-release
mcp-knowledge-base
mcp-knowledge-graph
mobioffice-cli
monorepo-next
mstate-angular
mstate-cli
mstate-dev-react
mstate-react
ng2-file-upload
ngx-bootstrap
ngx-color
ngx-toastr
ngx-trend
ngx-ws
oradm-to-gql
oradm-to-sqlz
ove-auto-annotate
pm2-gelf-json
printjs-rpk
react-complaint-image
react-jsonschema-form-conditionals
react-jsonschema-form-extras
react-jsonschema-rxnt-extras
remark-preset-lint-crowdstrike
rxnt-authentication
rxnt-healthchecks-nestjs
rxnt-kue
swc-plugin-component-annotate
tbssnch
teselagen-interval-tree
tg-client-query-builder
tg-redbird
tg-seq-gen
thangved-react-grid
ts-gaussian
ts-imports
tvi-cli
ve-bamreader
ve-editor
verror-extra
voip-callkit
wdio-web-reporter
yargs-help-output
yoo-styles
@rxap/ngx-bootstrap
eslint-config-teselagen
@zapier/ai-actions
@zapier/ai-actions-react
@zapier/babel-preset-zapier
@zapier/browserslist-config-zapier
@zapier/eslint-plugin-zapier
@zapier/mcp-integration
@zapier/secret-scrubber
@zapier/spectral-api-ruleset
@zapier/stubtree
@zapier/zapier-sdk
zapier-async-storage
zapier-platform-cli
zapier-platform-core
zapier-platform-legacy-scripting-runner
zapier-platform-schema
zapier-scripts
@asyncapi/avro-schema-parser
@asyncapi/bundler
@asyncapi/cli
@asyncapi/converter
@asyncapi/diff
@asyncapi/dotnet-rabbitmq-template
@asyncapi/edavisualiser
@asyncapi/generator
@asyncapi/generator-components
@asyncapi/generator-helpers
@asyncapi/generator-react-sdk
@asyncapi/go-watermill-template
@asyncapi/html-template
@asyncapi/java-spring-cloud-stream-template
@asyncapi/java-spring-template
@asyncapi/java-template
@asyncapi/keeper
@asyncapi/markdown-template
@asyncapi/modelina
@asyncapi/modelina-cli
@asyncapi/multi-parser
@asyncapi/nodejs-template
@asyncapi/nodejs-ws-template
@asyncapi/nunjucks-filters
@asyncapi/openapi-schema-parser
@asyncapi/optimizer
@asyncapi/parser
@asyncapi/php-template
@asyncapi/problem
@asyncapi/protobuf-schema-parser
@asyncapi/python-paho-template
@asyncapi/react-component
@asyncapi/server-api
@asyncapi/specs
@asyncapi/studio
@asyncapi/web-component
asyncapi-preview
create-glee-app
dotnet-template
github-action-for-generator
go-template
@postman/aether-icons
@postman/csv-parse
@postman/final-node-keytar
@postman/mcp-ui-client
@postman/node-keytar
@postman/pm-bin-linux-x64
@postman/pm-bin-macos-arm64
@postman/pm-bin-macos-x64
@postman/pm-bin-windows-x64
@postman/postman-collection-fork
@postman/postman-mcp-cli
@postman/postman-mcp-server
@postman/pretty-ms
@postman/secret-scanner-wasm
@postman/tunnel-agent
@postman/wdio-allure-reporter
@postman/wdio-junit-reporter
@posthog/agent
@posthog/automatic-cohorts-plugin
@posthog/clickhouse
@posthog/cli
@posthog/customerio-plugin
@posthog/databricks-plugin
@posthog/drop-events-on-property-plugin
@posthog/event-sequence-timer-plugin
@posthog/geoip-plugin
@posthog/github-release-tracking-plugin
@posthog/gitub-star-sync-plugin
@posthog/heartbeat-plugin
@posthog/hedgehog-mode
@posthog/icons
@posthog/ingestion-alert-plugin
@posthog/intercom-plugin
@posthog/laudspeaker-plugin
@posthog/maxmind-plugin
@posthog/migrator3000-plugin
@posthog/netdata-event-processing
@posthog/nextjs
@posthog/nextjs-config
@posthog/nuxt
@posthog/pagerduty-plugin
@posthog/piscina
@posthog/plugin-contrib
@posthog/plugin-server
@posthog/plugin-unduplicates
@posthog/react-rrweb-player
@posthog/rrweb
@posthog/rrweb-player
@posthog/rrweb-record
@posthog/rrweb-snapshot
@posthog/rrweb-utils
@posthog/sendgrid-plugin
@posthog/siphash
@posthog/taxonomy-plugin
@posthog/twitter-followers-plugin
@posthog/url-normalizer-plugin
@posthog/variance-plugin
@posthog/wizard
@posthog/zendesk-plugin
drop-events-on-property-plugin
posthog-docusaurus
posthog-js
posthog-node
posthog-react-native
@ensdomains/address-encoder
@ensdomains/blacklist
@ensdomains/buffer
@ensdomains/ccip-read-cf-worker
@ensdomains/ccip-read-dns-gateway
@ensdomains/ccip-read-router
@ensdomains/ccip-read-worker-viem
@ensdomains/content-hash
@ensdomains/curvearithmetics
@ensdomains/cypress-metamask
@ensdomains/dnsprovejs
@ensdomains/dnssec-oracle-anchors
@ensdomains/dnssecoraclejs
@ensdomains/durin
@ensdomains/durin-middleware
@ensdomains/ens-archived-contracts
@ensdomains/ens-avatar
@ensdomains/ens-contracts
@ensdomains/ens-test-env
@ensdomains/ens-validation
@ensdomains/ensjs
@ensdomains/ensjs-react
@ensdomains/eth-ens-namehash
@ensdomains/hackathon-registrar
@ensdomains/hardhat-chai-matchers-viem
@ensdomains/hardhat-toolbox-viem-extended
@ensdomains/mock
@ensdomains/name-wrapper
@ensdomains/offchain-resolver-contracts
@ensdomains/op-resolver-contracts
@ensdomains/react-ens-address
@ensdomains/renewal
@ensdomains/renewal-widget
@ensdomains/reverse-records
@ensdomains/server-analytics
@ensdomains/solsha1
@ensdomains/subdomain-registrar
@ensdomains/test-utils
@ensdomains/thorin
@ensdomains/ui
@ensdomains/unicode-confusables
@ensdomains/unruggable-gateways
@ensdomains/vite-plugin-i18next-loader
@ensdomains/web3modal
crypto-addr-codec
ethereum-ens
@voiceflow/alexa-types
@voiceflow/anthropic
@voiceflow/api-sdk
@voiceflow/backend-utils
@voiceflow/base-types
@voiceflow/body-parser
@voiceflow/chat-types
@voiceflow/circleci-config-sdk-orb-import
@voiceflow/commitlint-config
@voiceflow/common
@voiceflow/default-prompt-wrappers
@voiceflow/dependency-cruiser-config
@voiceflow/dtos-interact
@voiceflow/encryption
@voiceflow/eslint-config
@voiceflow/eslint-plugin
@voiceflow/exception
@voiceflow/fetch
@voiceflow/general-types
@voiceflow/git-branch-check
@voiceflow/google-dfes-types
@voiceflow/google-types
@voiceflow/husky-config
@voiceflow/logger
@voiceflow/metrics
@voiceflow/natural-language-commander
@voiceflow/nestjs-common
@voiceflow/nestjs-mongodb
@voiceflow/nestjs-rate-limit
@voiceflow/nestjs-redis
@voiceflow/nestjs-timeout
@voiceflow/npm-package-json-lint-config
@voiceflow/openai
@voiceflow/pino
@voiceflow/pino-pretty
@voiceflow/prettier-config
@voiceflow/react-chat
@voiceflow/runtime
@voiceflow/runtime-client-js
@voiceflow/sdk-runtime
@voiceflow/secrets-provider
@voiceflow/semantic-release-config
@voiceflow/serverless-plugin-typescript
@voiceflow/slate-serializer
@voiceflow/stitches-react
@voiceflow/storybook-config
@voiceflow/stylelint-config
@voiceflow/test-common
@voiceflow/tsconfig
@voiceflow/tsconfig-paths
@voiceflow/utils-designer
@voiceflow/verror
@voiceflow/vite-config
@voiceflow/vitest-config
@voiceflow/voice-types
@voiceflow/voiceflow-types
@voiceflow/widget
@accordproject/concerto-analysis
@accordproject/concerto-linter
@accordproject/concerto-linter-default-ruleset
@accordproject/concerto-metamodel
@accordproject/markdown-it-cicero
@accordproject/template-engine
@alexcolls/nuxt-socket.io
@alexcolls/nuxt-ux
@antstackio/eslint-config-antstack
@antstackio/express-graphql-proxy
@antstackio/graphql-body-parser
@antstackio/json-to-graphql
@antstackio/shelbysam
@actbase/native
@actbase/node-server
@actbase/react-absolute
@actbase/react-daum-postcode
@actbase/react-kakaosdk
@actbase/react-native-actionsheet
@actbase/react-native-devtools
@actbase/react-native-fast-image
@actbase/react-native-kakao-channel
@actbase/react-native-kakao-navi
@actbase/react-native-less-transformer
@actbase/react-native-naver-login
@actbase/react-native-simple-video
@actbase/react-native-tiktok
@aryanhussain/my-angular-lib
@caretive/caret-cli
@clausehq/flows-step-httprequest
@clausehq/flows-step-jsontoxml
@clausehq/flows-step-mqtt
@clausehq/flows-step-sendgridemail
@clausehq/flows-step-taskscreateurl
@commute/bloom
@commute/market-data
@commute/market-data-chartjs
@dev-blinq/ai-qa-logic
@dev-blinq/cucumber-js
@dev-blinq/cucumber_client
@dev-blinq/ui-systems
@everreal/validate-esmoduleinterop-imports
@everreal/web-analytics
@faq-component/core
@faq-component/react
@fishingbooker/browser-sync-plugin
@fishingbooker/react-loader
@fishingbooker/react-pagination
@fishingbooker/react-raty
@fishingbooker/react-swiper
@hapheus/n8n-nodes-pgp
@hover-design/core
@hover-design/react
@ifelsedeveloper/protocol-contracts-svm-idl
@ifings/metatron3
@kvytech/components
@kvytech/medusa-plugin-announcement
@kvytech/medusa-plugin-management
@kvytech/medusa-plugin-newsletter
@kvytech/medusa-plugin-product-reviews
@kvytech/medusa-plugin-promotion
@kvytech/web
@lessondesk/api-client
@lessondesk/babel-preset
@lessondesk/electron-group-api-client
@lessondesk/eslint-config
@lessondesk/material-icons
@lessondesk/react-table-context
@lessondesk/schoolbus
@louisle2/core
@louisle2/cortex-js
@lpdjs/firestore-repo-service
@markvivanco/app-version-checker
@mcp-use/cli
@mcp-use/inspector
@mcp-use/mcp-use
@ntnx/passport-wso2
@ntnx/t
@orbitgtbelgium/mapbox-gl-draw-cut-polygon-mode
@orbitgtbelgium/mapbox-gl-draw-scale-rotate-mode
@orbitgtbelgium/orbit-components
@orbitgtbelgium/time-slider
@osmanekrem/bmad
@osmanekrem/error-handler
@pradhumngautam/common-app
@pruthvi21/use-debounce
@relyt/claude-context-core
@relyt/claude-context-mcp
@relyt/mcp-server-relytone
@seezo/sdr-mcp-server
@seung-ju/next
@seung-ju/openapi-generator
@seung-ju/react-hooks
@seung-ju/react-native-action-sheet
@suraj_h/medium-common
@thedelta/eslint-config
@tiaanduplessis/json
@tiaanduplessis/react-progressbar
@trefox/sleekshop-js
@trigo/atrix
@trigo/atrix-acl
@trigo/atrix-elasticsearch
@trigo/atrix-mongoose
@trigo/atrix-orientdb
@trigo/atrix-postgres
@trigo/atrix-pubsub
@trigo/atrix-redis
@trigo/atrix-soap
@trigo/atrix-swagger
@trigo/bool-expressions
@trigo/eslint-config-trigo
@trigo/fsm
@trigo/jsdt
@trigo/keycloak-api
@trigo/node-soap
@trigo/pathfinder-ui-css
@trigo/trigo-hapijs
@varsityvibe/api-client
@varsityvibe/utils
@varsityvibe/validation-schemas
02-echo
ai-crowl-shield
arc-cli-fc
atrix
atrix-mongoose
automation_model
axios-timed
barebones-css
benmostyn-frame-print
bidirectional-adapter
blob-to-base64
blinqio-executions-cli
bool-expressions
bytecode-checker-cli
bytes-to-x
calc-loan-interest
capacitor-plugin-apptrackingios
capacitor-plugin-purchase
capacitor-plugin-scgssigninwithgoogle
capacitor-purchase-history
capacitor-voice-recorder-wav
chrome-extension-downloads
claude-token-updater
coinmarketcap-api
colors-regex
compare-obj
composite-reducer
count-it-down
cpu-instructions
create-hardhat3-app
create-mcp-use-app
css-dedoupe
dashboard-empty-state
designstudiouiux
devstart-cli
dialogflow-es
discord-bot-server
docusaurus-plugin-vanilla-extract
dont-go
email-deliverability-tester
enforce-branch-name
eslint-config-nitpicky
eslint-config-trigo
exact-ticker
expo-audio-session
expressos
evm-checkcode-cli
fat-fingered
feature-flip
firestore-search-engine
fittxt
flapstacks
flatten-unflatten
formik-error-focus
formik-store
fuzzy-finder
gate-evm-check-code2
gate-evm-tools-test
gatsby-plugin-cname
generator-meteor-stock
generator-ng-itobuz
get-them-args
gitsafe
gulp-inject-envs
haufe-axera-api-client
hope-mapboxdraw
hopedraw
hover-design-prototype
httpness
hyper-fullfacing
hyperterm-hipster
image-to-uri
invo
ito-button
itobuz-angular
itobuz-angular-auth
itobuz-angular-button
jacob-zuma
jan-browser
jquery-bindings
kill-port
kwami
lang-codes
license-o-matic
lint-staged-imagemin
lite-serper-mcp-server
luno-api
mcp-use
medusa-plugin-announcement
medusa-plugin-logs
medusa-plugin-momo
medusa-plugin-product-reviews-kvy
medusa-plugin-zalopay
mod10-check-digit
mon-package-react-typescript
n8n-nodes-tmdb
n8n-nodes-vercel-ai-sdk
n8n-nodes-viral-app
nanoreset
next-circular-dependency
next-simple-google-analytics
next-styled-nprogress
ngx-useful-swiper-prosenjit
ngx-wooapi
normal-store
obj-to-css
okta-react-router-6
orbit-boxicons
orbit-nebula-draw-tools
orbit-nebula-editor
orbit-soap
orchestrix
package-tester
parcel-plugin-asset-copier
pdf-annotation
pico-uid
piclite
pkg-readme
prime-one-table
prompt-eng
prompt-eng-server
ra-auth-firebase
ra-data-firebase
react-component-taggers
react-element-prompt-inspector
react-hook-form-persist
react-jam-icons
react-keycloak-context
react-library-setup
react-linear-loader
react-micromodal.js
react-native-datepicker-modal
react-native-email
react-native-fetch
react-native-get-pixel-dimensions
react-native-google-maps-directions
react-native-log-level
react-native-modest-checkbox
react-native-modest-storage
react-native-phone-call
react-native-retriable-fetch
react-native-view-finder
react-native-websocket
react-native-worklet-functions
react-qr-image
redux-forge
redux-router-kit
sa-company-registration-number-regex
sa-id-gen
scgsffcreator
selenium-session-client
set-nested-prop
shelf-jwt-sessions
shell-exec
skills-use
sort-by-distance
south-african-id-info
stat-fns
stoor
super-commit
svelte-autocomplete-select
svelte-toasty
tanstack-shadcn-table
tcsp
tcsp-draw-test
tcsp-test-vd
template-lib
template-micro-service
tenacious-fetch
test-foundry-app
test-hardhat-app
tiaan
token.js-fork
trigo-react-app
typefence
typeorm-orbit
undefsafe-typed
uplandui
upload-to-play-store
url-encode-decode
use-unsaved-changes
valid-south-african-id
vf-oss-template
web-scraper-mcp
wellness-expert-ng-gallery
wenk
zuper-cli
zuper-sdk
zuper-stream
@afetcan/api
@afetcan/storage
@alaan/s2s-auth
@alexadark/amadeus-api
@alexadark/gatsby-theme-events
@alexadark/gatsby-theme-wordpress-blog
@alexadark/reusable-functions
@bdkinc/knex-ibmi
@browserbasehq/bb9
@browserbasehq/director-ai
@browserbasehq/mcp
@browserbasehq/mcp-server-browserbase
@browserbasehq/sdk-functions
@browserbasehq/stagehand
@browserbasehq/stagehand-docs
@chtijs/eslint-config
@cllbk/ghl
@huntersofbook/auth-vue
@huntersofbook/core
@huntersofbook/core-nuxt
@huntersofbook/form-naiveui
@huntersofbook/i18n
@huntersofbook/ui
@jayeshsadhwani/telemetry-sdk
@livecms/live-edit
@livecms/nuxt-live-edit
@lokeswari-satyanarayanan/rn-zustand-expo-template
@lui-ui/lui-nuxt
@lui-ui/lui-tailwindcss
@lui-ui/lui-vue
@micado-digital/stadtmarketing-kufstein-external
@mizzle-dev/orm
@oku-ui/accordion
@oku-ui/alert-dialog
@oku-ui/aspect-ratio
@oku-ui/avatar
@oku-ui/checkbox
@oku-ui/collapsible
@oku-ui/collection
@oku-ui/dialog
@oku-ui/direction
@oku-ui/dismissable-layer
@oku-ui/focus-guards
@oku-ui/focus-scope
@oku-ui/hover-card
@oku-ui/label
@oku-ui/menu
@oku-ui/motion
@oku-ui/motion-nuxt
@oku-ui/popover
@oku-ui/popper
@oku-ui/portal
@oku-ui/presence
@oku-ui/primitive
@oku-ui/primitives
@oku-ui/primitives-nuxt
@oku-ui/progress
@oku-ui/provide
@oku-ui/radio-group
@oku-ui/roving-focus
@oku-ui/scroll-area
@oku-ui/separator
@oku-ui/slider
@oku-ui/switch
@oku-ui/tabs
@oku-ui/toast
@oku-ui/toggle
@oku-ui/toolbar
@oku-ui/use-composable
@oku-ui/utils
@oku-ui/visually-hidden
@pergel/cli
@pergel/module-box
@pergel/module-graphql
@pergel/module-ui
@pergel/nuxt
@productdevbook/animejs-vue
@productdevbook/auth
@productdevbook/chatwoot
@quick-start-soft/quick-document-translator
@quick-start-soft/quick-git-clean-markdown
@quick-start-soft/quick-markdown-compose
@quick-start-soft/quick-markdown-image
@quick-start-soft/quick-markdown-translator
@quick-start-soft/quick-remove-image-background
@quick-start-soft/quick-task-refine
@sameepsi/sor
@silgi/better-auth
@silgi/drizzle
@silgi/ecosystem
@silgi/graphql
@silgi/module-builder
@silgi/openapi
@silgi/permission
@silgi/ratelimit
@silgi/scalar
@silgi/yoga
@strapbuild/react-native-date-time-picker
@strapbuild/react-native-perspective-image-cropper
@strapbuild/react-native-perspective-image-cropper-2
@strapbuild/react-native-perspective-image-cropper-poojan31
@trackstar/react-trackstar-link
@trackstar/react-trackstar-link-upgrade
@trackstar/test-angular-package
@trackstar/test-package
@trpc-rate-limiter/cloudflare
@trpc-rate-limiter/hono
@viapip/eslint-config
@vishadtyagi/full-year-calendar
@vucod/email
asciitranslator
avvvatars-vue
axios-builder
babel-preset-kinvey-flex-service
best_gpio_controller
better-auth-nuxt
better-queue-nedb
buffered-interpolation-babylon6
ceviz
create-director-app
create-kinvey-flex-service
create-silgi
csv-tool-cli
easypanel-sdk
electron-volt
eslint-config-kinvey-flex-service
eslint-config-zeallat-base
expo-router-on-rails
express-starter-template
gatsby-plugin-antd
ids-css
ids-enterprise-mcp-server
ids-enterprise-ng
ids-enterprise-typings
insomnia-plugin-random-pick
iron-shield-miniapp
jaetut-varit-test
jsonsurge
kinetix-default-token-list
kinvey-cli-wrapper
kinvey-flex-scripts
kns-error-code
lui-vue-test
m25-transaction-utils
manual-billing-system-miniapp-api
my-saeed-lib
nitro-graphql
nitrodeploy
nitroping
nuxt-keycloak
pergel
pergeltest
quickswap-default-staking-list
quickswap-default-token-list
quickswap-sdk
quickswap-smart-order-router
quickswap-v2-sdk
react-data-to-export
react-native-use-modal
react-packery-component
react-scrambled-text
rediff-viewer
revenuecat
shinhan-limit-scrap
silgi
simplejsonform
solomon-api-stories
solomon-v3-ui-wrapper
soneium-acs
sufetch
tavily-module
test23112222-api
tiptap-shadcn-vue
toonfetch
ts-relay-cursor-paging
typeface-antonio-complete
unadapter
unemail
uniswap-router-sdk
uniswap-test-sdk-core
unsearch
v-plausible
valuedex-sdk
victoria-wallet-constants
victoria-wallet-core
victoria-wallet-type
victoria-wallet-utils
victoria-wallet-validator
vue-browserupdate-nuxt
wallet-evm
@accordproject/concerto-types
@actbase/css-to-react-native-transform
@dev-blinq/blinqioclient
@everreal/react-charts
@hyperlook/telemetry-sdk
@ifings/design-system
@kvytech/cli
@kvytech/habbit-e2e-test
@oku-ui/arrow
@oku-ui/slot
@oku-ui/toggle-group
@oku-ui/tooltip
@posthog/ai
@posthog/bitbucket-release-tracker
@posthog/core
@posthog/currency-normalization-plugin
@posthog/filter-out-plugin
@posthog/first-time-event-tracker
@posthog/kinesis-plugin
@posthog/lemon-ui
@posthog/postgres-plugin
@posthog/rrdom
@posthog/rrweb-replay
@posthog/snowflake-export-plugin
@posthog/twilio-plugin
@posthog/web-dev-server
@productdevbook/motion
@productdevbook/ts-i18n
@quick-start-soft/quick-markdown
@quick-start-soft/quick-markdown-print
@sme-ui/aoma-vevasound-metadata-lib
@trackstar/angular-trackstar-link
@trigo/hapi-auth-signedlink
axios-cancelable
bun-plugin-httpfile
command-irail
esbuild-plugin-brotli
esbuild-plugin-eta
esbuild-plugin-httpfile
frontity-starter-theme
just-toasty
korea-administrative-area-geo-json-util
nitro-kutu
open2interne
poper-react-sdk
posthog-plugin-hello-world
puny-req
quickswap-default-staking-list-address
quickswap-router-sdk
quickswap-token-lists
react-favic
react-native-jam-icons
rediff
rollup-plugin-httpfile
samesame
scgs-capacitor-subscribe
schob
selenium-session
solomon-v3-stories
uniswap-smart-order-router
victoriaxoaquyet-wallet-core
vite-plugin-httpfile
wallet-evm
wallet-type
web-types-htmx
web-types-lit
webpack-loader-httpfile
@elsedev/react-csr-sdk
@mparpaillon/connector-parse
@mparpaillon/imagesloaded
@mparpaillon/page
@sameepsi/sor2
cbre-flow-common
open2internet
posthog-react-native-session-replay
quickswap-ads-list
utilitas
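#!/bin/bash
#
# Deep scan a batch of Node projects for known bad NPM packages, as listed in bad-deps.txt.
# For each project we run `npm list --all`, which prints the installed dependency tree
# (what is actually present under node_modules), and look for the bad packages nested
# anywhere in that tree. package-lock.json is not parsed directly by this script.
#
# Author: Dan Cassey, Alex Greenland, Epi - epihq.com
# License: Public Domain (CC0)
# Updated: 27 Nov 2025
#
# Context: Digital Forensics & Incident Response (DFIR) for Shai-Hulud cyberattack, Sep-Nov 2025
#
# This script is intended as a first-pass check for developers and DFIR teams.
# It tells you if you depend on any version of the listed dependencies.
#
# The bad-deps.txt file is intended to be thorough on a best-effort basis but it is not an exhaustive list.
# The list represents the current state of threat intelligence in the industry.
#
# Only specific versions of these dependencies are malicious,
# but the cyberattack indicates the known compromise of these libraries or their authors in September and November 2025.
#
# We intentionally search for the packages without versions
# so you can see if you have any level of dependency on one of these libraries.
#
# If a match is found, it does not necessarily indicate compromise.
# A match reveals potential compromise and requires further investigation, by comparing version numbers.
#
# If no matches are found, it indicates no versions of these libraries are depended upon,
# so you know with greater certainty that there is no current compromise from these dependencies in your projects.
#
# We check at a broader level for further assurance and safety.
# Going forward, in the case where you have a dependency on an old version of one of these libraries,
# you can decide whether to pin or remove the dependency.
#
# Usage: fill in PROJECTS below and run from the directory that holds bad-deps.txt
# (one package name per line; blank lines and text after '#' are ignored).
# Matches are reported on stdout; the exit status is 1 only when bad-deps.txt is missing
# or the starting directory cannot be re-entered.
#
PROJECTS=(
# enter paths to roots of Node projects here, line separated
)
CWD=$(pwd)

if [[ ! -f ./bad-deps.txt ]]; then
  echo "bad-deps.txt not found in $CWD" >&2
  exit 1
fi

# Read the list line by line. Word-splitting the whole file (the previous approach) would
# also split on spaces inside a line and treat any comment text as package names.
BAD_DEPS=()
while IFS= read -r dep || [[ -n "$dep" ]]; do
  dep=${dep%%#*}              # drop trailing comments
  dep=${dep//[[:space:]]/}    # package names never contain whitespace
  [[ -n "$dep" ]] && BAD_DEPS+=("$dep")
done < ./bad-deps.txt

for project in "${PROJECTS[@]}"; do
  echo "Checking $project..."
  # A failed cd used to go unnoticed, so npm list then ran in whichever directory we were left in.
  if ! cd "$project"; then
    echo "SKIP: cannot enter $project" >&2
    continue
  fi
  # npm exits non-zero for extraneous/invalid deps but still prints the tree; keep the output.
  FULL_LIST=$(npm list --all --silent)
  for dep in "${BAD_DEPS[@]}"; do
    # npm list prints "name@version" after the tree characters and a space (the root package
    # is at the start of its line). Anchoring on that and escaping '.' makes a name such as
    # "token.js-fork" match literally and stops "ngx-color" from matching "ngx-colors".
    # The unanchored substring grep used before produced such false positives.
    dep_re=${dep//./\\.}
    if grep -Eq -- "(^|[[:space:]])${dep_re}@" <<<"$FULL_LIST"; then
      echo "MATCH: $dep"
      npm list "$dep"
    fi
  done
  cd "$CWD" || exit 1
done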
@alotth

alotth commented Dec 16, 2025

#!/usr/bin/env bash
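set -euo pipefail

# ============== CONFIG ==============
# Roots to walk for Node projects (a project is any directory holding a package.json).
SEARCH_DIRS=("/users/user/repos")
# Bad-package list; only its basename is used, resolved next to this script (see below).
BAD_DEPS_FILE="./bad-deps.txt"

# Directories to ignore when searching for package.json
PRUNE_DIRS=("node_modules" ".git" ".next" "dist" "build" "coverage" ".turbo" ".cache")

# ============== ABSOLUTE PATH HELPERS ==============
# Resolve the script's directory once; SELF and the bad-deps path derive from it
# (previously the cd/dirname/pwd dance ran twice). Absolute paths matter because
# do_scan changes directory and then re-invokes this script via SELF.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
SELF="$SCRIPT_DIR/$(basename "${BASH_SOURCE[0]}")"
START_DIR="$(pwd)"
BAD_DEPS_FILE_ABS="$SCRIPT_DIR/$(basename "$BAD_DEPS_FILE")"
readonly SEARCH_DIRS BAD_DEPS_FILE PRUNE_DIRS SCRIPT_DIR SELF START_DIR BAD_DEPS_FILE_ABS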

# ============== VERIFY MODE ==============
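#######################################
# Heuristic check of one project directory ("verify" mode).
# do_scan runs this in a child process ("$SELF" verify <dir>), so the cd below
# does not leak into the scanner. Only the project's own package.json is
# inspected; package.json files under node_modules are not.
# Arguments: $1 - project directory (default: current directory)
# Returns:   0 nothing flagged
#            1 flagged: a COMPROMISED.flag file exists, or an install/preinstall/
#              postinstall script in package.json mentions curl, wget, bash -c or powershell
#            2 the directory could not be entered
#######################################
do_verify() {
  local project="${1:-.}"

  # Local checks below are relative to the project root
  cd "$project" 2>/dev/null || return 2

  # --------------------------
  # PUT YOUR REAL VERIFICATION LOGIC HERE
  #
  # Example (placeholder):
  # - if a file named "COMPROMISED.flag" exists, fail
  # - if suspicious postinstall scripts exist in package.json, fail
  # --------------------------

  if [[ -f "COMPROMISED.flag" ]]; then
    return 1
  fi

  if [[ -f "package.json" ]]; then
    # Simple rule: flag if install scripts contain curl, wget, bash -c, or powershell.
    # Assumes key and value sit on one line. [[:space:]] replaces \s, which is a GNU
    # extension rather than POSIX ERE, so the check behaves the same on every grep.
    if grep -Eq -- '"(pre|post)?install"[[:space:]]*:[[:space:]]*".*(curl|wget|bash[[:space:]]+-c|powershell).*"' package.json; then
      return 1
    fi
  fi

  return 0
}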

# ============== SCAN MODE ==============
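#######################################
# Scan mode: locate every project under SEARCH_DIRS and report bad dependencies.
# Globals:  BAD_DEPS_FILE_ABS, SEARCH_DIRS, PRUNE_DIRS, SELF, START_DIR (read)
# Outputs:  human-readable report on stdout; diagnostics on stderr
# Exits:    1 if the bad-deps list is missing or empty
# Note:     installed dependencies come from `npm list --all`, i.e. from node_modules;
#           projects without node_modules are skipped and lockfiles are not inspected.
#######################################
do_scan() {
  local -a bad_deps=() projects=() find_prune=()
  local dep d search_dir pkg project rc full_list dep_re

  if [[ ! -f "$BAD_DEPS_FILE_ABS" ]]; then
    echo "bad-deps.txt file not found: $BAD_DEPS_FILE_ABS" >&2
    exit 1
  fi

  # One package name per line; blank lines and '#' comments are skipped.
  # The `|| [[ -n ... ]]` keeps a final line that lacks a trailing newline.
  while IFS= read -r dep || [[ -n "$dep" ]]; do
    [[ -z "${dep// }" ]] && continue
    [[ "$dep" == \#* ]] && continue
    bad_deps+=("$dep")
  done < "$BAD_DEPS_FILE_ABS"

  if (( ${#bad_deps[@]} == 0 )); then
    echo "no package names read from: $BAD_DEPS_FILE_ABS" >&2
    exit 1
  fi

  # Build the find prune expression: \( -path */d1 -o -path */d2 ... \) -prune -o
  if (( ${#PRUNE_DIRS[@]} > 0 )); then
    find_prune+=( \( )
    for d in "${PRUNE_DIRS[@]}"; do
      find_prune+=( -path "*/$d" -o )
    done
    unset 'find_prune[${#find_prune[@]}-1]' # drop the trailing -o
    find_prune+=( \) -prune -o )
  fi

  # ${arr[@]+"${arr[@]}"} expands to nothing for an empty array without tripping
  # set -u, which "${arr[@]}" does on bash < 4.4 (e.g. the macOS system bash).
  for search_dir in "${SEARCH_DIRS[@]}"; do
    while IFS= read -r -d '' pkg; do
      projects+=("$(dirname "$pkg")")
    done < <(
      find "$search_dir" \
        ${find_prune[@]+"${find_prune[@]}"} \
        -name "package.json" -type f -print0
    )
  done

  echo "Projects found: ${#projects[@]}"
  echo
  # Same set -u hazard as above: do not iterate an empty array
  (( ${#projects[@]} > 0 )) || return 0

  for project in "${projects[@]}"; do
    echo "======================================"
    echo "Project: $project"
    echo "--------------------------------------"

    # 1) Heuristic project check, delegated to this script's own verify mode in a child
    #    process (absolute path, so it still resolves after the cd further down).
    #    do_verify returns 0 = clean, 1 = flagged, 2 = directory not enterable.
    rc=0
    "$SELF" verify "$project" || rc=$?
    case "$rc" in
      0) echo "OK: Binary verification passed" ;;
      1) echo "ALERT: Project may be compromised (binary verification)" ;;
      *) echo "ERROR: Failed to verify project (rc=$rc)" ;;
    esac

    # 2) Installed dependency verification (npm list reads node_modules)
    if [[ ! -d "$project/node_modules" ]]; then
      echo "SKIP: no node_modules directory (run npm install to check installed deps)"
      echo
      continue
    fi

    if ! cd "$project"; then
      echo "SKIP: unable to enter directory"
      echo
      continue
    fi

    # npm exits non-zero for extraneous/invalid deps but still prints the tree
    full_list="$(npm list --all --silent 2>/dev/null || true)"

    for dep in "${bad_deps[@]}"; do
      # npm list prints "name@version" after the tree characters and a space (the root is
      # at the start of its line). '.' is escaped so a name such as "token.js-fork" matches
      # literally instead of as a regex wildcard. The here-string replaces `echo | grep -q`:
      # under pipefail, grep -q exiting at the first hit can leave echo with SIGPIPE, which
      # would turn a genuine match into a miss.
      dep_re=${dep//./\\.}
      if grep -Eq -- "(^|[[:space:]])${dep_re}@" <<<"$full_list"; then
        echo
        echo "SUSPICIOUS DEPENDENCY FOUND: $dep"
        npm list "$dep" 2>/dev/null || true
      fi
    done

    cd "$START_DIR"
    echo
  done
}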

# ============== ENTRYPOINT ==============
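# Modes: "scan" (default) walks SEARCH_DIRS; "verify <dir>" checks a single project and
# is what do_scan invokes on this script via "$SELF". Under set -e a non-zero return from
# do_verify becomes the process exit status, which do_scan reads back.
case "${1:-scan}" in
  verify)
    shift
    do_verify "${1:-.}"
    ;;
  scan|"")
    do_scan
    ;;
  *)
    # Usage for a bad invocation is a diagnostic: keep it off stdout, where the
    # report lines go, so callers capturing the report do not see it as results.
    {
      echo "Usage:"
      echo "  $SELF                # scan"
      echo "  $SELF scan           # scan"
      echo "  $SELF verify <dir>   # verify"
    } >&2
    exit 2
    ;;
esac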
