This repository contains a lightweight Bash script to scan for known malicious NPM packages in your project directories.
Usage: ./scan-malicious-npm.sh [directory]
- Scans all package.json and package-lock.json files in the specified directory (or current directory by default).
- Alerts if any of the following malicious packages are found:
- mysql-dumpdiscord
- nodejs.discord
- malinssx
- malicus
- maliinn
- sqlcommenter_rails
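
One way a scan like this can be written with find, grep and sed, as an added example (it is not the repository's scan-malicious-npm.sh). The function names, the constructed sample tree and the choice to match whole JSON keys are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not the repository's script. Names come from the list above.
MALICIOUS_PACKAGES="mysql-dumpdiscord nodejs.discord malinssx malicus maliinn sqlcommenter_rails"

# scan_file FILE: print "FILE: NAME" for each listed package that appears as a
# JSON key in FILE, either bare ("NAME":) or as a lockfile path key
# ("node_modules/NAME":). Matching the whole key avoids substring hits such as
# "malicus-tools". Returns 1 if anything was found, 0 otherwise.
scan_file() {
    sf_hit=0
    for sf_name in $MALICIOUS_PACKAGES; do
        # Escape "." so nodejs.discord is matched literally.
        sf_re=$(printf '%s' "$sf_name" | sed 's/\./\\./g')
        if grep -Eq "\"([^\"]*/)?${sf_re}\"[[:space:]]*:" "$1"; then
            printf '%s: %s\n' "$1" "$sf_name"
            sf_hit=1
        fi
    done
    return "$sf_hit"
}

# scan_tree [DIR]: scan every package.json and package-lock.json under DIR
# (current directory by default). Prints all hits; returns 1 if there were any.
scan_tree() {
    st_out=$(find "${1:-.}" -type f \( -name package.json -o -name package-lock.json \) |
        while IFS= read -r st_file; do scan_file "$st_file" || true; done)
    [ -n "$st_out" ] || return 0
    printf '%s\n' "$st_out"
    return 1
}

# make_sample DIR: build a constructed sample tree (not real project data).
make_sample() {
    mkdir -p "$1/clean" "$1/bad"
    printf '{"name":"clean","dependencies":{"malicus-tools":"1.0.0","express":"4.18.2"}}\n' > "$1/clean/package.json"
    printf '{"name":"bad","dependencies":{"nodejs.discord":"^1.0.0"}}\n' > "$1/bad/package.json"
    printf '{"packages":{"node_modules/maliinn":{"version":"1.0.0"}}}\n' > "$1/bad/package-lock.json"
}

# When run as a script with a directory argument, scan it.
if [ "$#" -gt 0 ]; then scan_tree "$1"; fi
```

The non-zero return on a hit lets a CI job fail the build when one of the listed names shows up in a manifest or lockfile.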
Requirements:
- Bash shell
- Standard Unix tools: find, grep, sed

License: MIT