Skip to content
This repository has been archived by the owner on Aug 15, 2024. It is now read-only.

Scanning script to find infected @3.7.2 installations (#39) #40

Closed
brownstein opened this issue Jul 12, 2018 · 3 comments
Closed

Scanning script to find infected @3.7.2 installations (#39) #40

brownstein opened this issue Jul 12, 2018 · 3 comments
Labels

Comments

@brownstein
Copy link

#39 is locked, but I'd like to contribute a quick gist we wrote to find compromised local installs. Is there a way we can get https://gist.github.com/brownstein/8aaade4953807f512d416da0c6a5a5f6 into the comments for said issue to help effected developers identify whether or not they are compromised?

If so, please merge into the main thread and remove this issue. Thanks!

@brownstein brownstein changed the title Scanning script gist for https://github.com/eslint/eslint-scope/issues/39 Scanning script gist for infected @3.7.2 installations Jul 12, 2018
@brownstein brownstein changed the title Scanning script gist for infected @3.7.2 installations Scanning script to find infected @3.7.2 installations (#39) Jul 12, 2018
@khromov
Copy link

khromov commented Jul 12, 2018

Here's a quick and dirty guide to find if you have the infected package:

First make sure the locate command database is updated:

OSX

sudo /usr/libexec/locate.updatedb # Update locate command

Most Linux flavors

updatedb

Now look for the package on your machine:

locate eslint-scope

Under each eslint-scope folder, check for eslint-scope/package.json, make sure that "version": "3.7.2" does not appear in the file:

cat <your-path>/eslint-scope/package.json | grep version

@ceceshao1
Copy link

One of our full-stack developers also wrote out a script to conduct a check: https://medium.com/comet-ml/detect-eslint-malicious-packages-infection-8a9110080a24

@not-an-aardvark
Copy link
Member

Thanks for the scripts. Closing this issue since the issue was linked here: #39 (comment)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

4 participants