hulud-party-scanner 1.0.0

package/README.md

@@ -0,0 +1,3 @@
+Project integrity scanner for known vulnerabilities and suspicious patterns related to the Shai-Hulud supply-chain attack.
+
+This project is a Node.js implementation based on the original shell script from [sng-jroji/hulud-party](https://github.com/sng-jroji/hulud-party).

package/compromised-libs.txt

@@ -0,0 +1,588 @@
+# This file contains 517 confirmed compromised package versions from the complete JFrog analysis
+# The Shai-Hulud attack was self-replicating, so new compromised packages may still be discovered
+#
+# Sources: StepSecurity, Wiz.io, Semgrep, JFrog security advisories
+# Format: package_name:version
+#
+# MAINTAINING THIS LIST:
+# - Add new compromised packages as they are discovered
+# - Check security advisories regularly for updates:
+#   * https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised
+#   * https://semgrep.dev/blog/2025/security-advisory-npm-packages-using-secret-scanning-tools-to-steal-credentials/
+#   * https://jfrog.com/blog/shai-hulud-npm-supply-chain-attack-new-compromised-packages-detected/
+#   * https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
+#   * https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages
+# - Format: one package:version per line
+# - Lines starting with # are comments and will be ignored
+#
+# DO NOT REMOVE EXISTING PACKAGES - only add new ones as they are discovered
+
+# @ctrl namespace - primary targets
+@ctrl/tinycolor:4.1.0
+@ctrl/tinycolor:4.1.1
+@ctrl/tinycolor:4.1.2
+@ctrl/deluge:1.2.0
+@ctrl/deluge:7.2.1
+@ctrl/deluge:7.2.2
+@ctrl/golang-template:1.4.2
+@ctrl/golang-template:1.4.3
+@ctrl/magnet-link:4.0.3
+@ctrl/magnet-link:4.0.4
+
+# @ahmedhfarag namespace
+@ahmedhfarag/ngx-perfect-scrollbar:20.0.20
+@ahmedhfarag/ngx-virtual-scroller:4.0.4
+
+# @art-ws namespace - 16+ packages
+@art-ws/common:2.0.22
+@art-ws/common:2.0.28
+@art-ws/config-eslint:2.0.4
+@art-ws/config-eslint:2.0.5
+@art-ws/config-ts:2.0.7
+@art-ws/config-ts:2.0.8
+@art-ws/db-context:2.0.24
+@art-ws/di:2.0.28
+@art-ws/di:2.0.32
+@art-ws/di-node:2.0.13
+@art-ws/eslint:1.0.5
+@art-ws/eslint:1.0.6
+@art-ws/fastify-http-server:2.0.24
+@art-ws/fastify-http-server:2.0.27
+@art-ws/http-server:2.0.21
+@art-ws/http-server:2.0.25
+@art-ws/openapi:0.1.9
+@art-ws/openapi:0.1.12
+@art-ws/package-base:1.0.5
+@art-ws/package-base:1.0.6
+@art-ws/prettier:1.0.5
+@art-ws/prettier:1.0.6
+@art-ws/slf:2.0.15
+@art-ws/slf:2.0.22
+@art-ws/ssl-info:1.0.9
+@art-ws/ssl-info:1.0.10
+@art-ws/web-app:1.0.3
+@art-ws/web-app:1.0.4
+
+# @crowdstrike namespace - 25+ packages
+@crowdstrike/commitlint:8.1.1
+@crowdstrike/commitlint:8.1.2
+@crowdstrike/falcon-shoelace:0.4.1
+@crowdstrike/falcon-shoelace:0.4.2
+@crowdstrike/foundry-js:0.19.1
+@crowdstrike/foundry-js:0.19.2
+@crowdstrike/glide-core:0.34.2
+@crowdstrike/glide-core:0.34.3
+@crowdstrike/logscale-dashboard:1.205.1
+@crowdstrike/logscale-dashboard:1.205.2
+@crowdstrike/logscale-file-editor:1.205.1
+@crowdstrike/logscale-file-editor:1.205.2
+@crowdstrike/logscale-parser-edit:1.205.1
+@crowdstrike/logscale-parser-edit:1.205.2
+@crowdstrike/logscale-search:1.205.1
+@crowdstrike/logscale-search:1.205.2
+@crowdstrike/tailwind-toucan-base:5.0.1
+@crowdstrike/tailwind-toucan-base:5.0.2
+
+# @hestjs namespace
+@hestjs/core:1.0.1
+@hestjs/core:1.0.2
+
+# @nstudio namespace - multiple packages with various versions
+@nstudio/angular:20.0.4
+@nstudio/angular:20.0.5
+@nstudio/angular:20.0.6
+@nstudio/focus:20.0.4
+@nstudio/focus:20.0.5
+@nstudio/focus:20.0.6
+@nstudio/nativescript-checkbox:2.0.6
+@nstudio/nativescript-checkbox:2.0.7
+@nstudio/nativescript-checkbox:2.0.8
+@nstudio/nativescript-checkbox:2.0.9
+@nstudio/nativescript-loading-indicator:5.0.1
+@nstudio/nativescript-loading-indicator:5.0.2
+@nstudio/nativescript-loading-indicator:5.0.3
+@nstudio/nativescript-loading-indicator:5.0.4
+@nstudio/ui-collectionview:5.1.11
+@nstudio/ui-collectionview:5.1.12
+@nstudio/ui-collectionview:5.1.13
+@nstudio/ui-collectionview:5.1.14
+@nstudio/web-angular:20.0.4
+@nstudio/web:20.0.4
+@nstudio/xplat-utils:20.0.5
+@nstudio/xplat-utils:20.0.6
+
+# @operato namespace - multiple packages with 9.0.x versions
+@operato/board:9.0.36
+@operato/board:9.0.37
+@operato/board:9.0.38
+@operato/board:9.0.39
+@operato/board:9.0.40
+@operato/board:9.0.41
+@operato/board:9.0.42
+@operato/board:9.0.43
+@operato/board:9.0.44
+@operato/board:9.0.45
+@operato/board:9.0.46
+@operato/data-grist:9.0.29
+@operato/data-grist:9.0.35
+@operato/data-grist:9.0.36
+@operato/data-grist:9.0.37
+@operato/graphql:9.0.22
+@operato/graphql:9.0.35
+@operato/graphql:9.0.36
+@operato/graphql:9.0.37
+@operato/graphql:9.0.38
+@operato/graphql:9.0.39
+@operato/graphql:9.0.40
+@operato/graphql:9.0.41
+@operato/graphql:9.0.42
+@operato/graphql:9.0.43
+@operato/graphql:9.0.44
+@operato/graphql:9.0.45
+@operato/graphql:9.0.46
+@operato/headroom:9.0.2
+@operato/headroom:9.0.35
+@operato/headroom:9.0.36
+@operato/headroom:9.0.37
+@operato/help:9.0.35
+@operato/help:9.0.36
+@operato/help:9.0.37
+@operato/help:9.0.38
+@operato/help:9.0.39
+@operato/help:9.0.40
+@operato/help:9.0.41
+@operato/help:9.0.42
+@operato/help:9.0.43
+@operato/help:9.0.44
+@operato/help:9.0.45
+@operato/help:9.0.46
+@operato/i18n:9.0.35
+@operato/i18n:9.0.36
+@operato/i18n:9.0.37
+@operato/input:9.0.27
+@operato/input:9.0.35
+@operato/input:9.0.36
+@operato/input:9.0.37
+@operato/input:9.0.38
+@operato/input:9.0.39
+@operato/input:9.0.40
+@operato/input:9.0.41
+@operato/input:9.0.42
+@operato/input:9.0.43
+@operato/input:9.0.44
+@operato/input:9.0.45
+@operato/input:9.0.46
+@operato/layout:9.0.35
+@operato/layout:9.0.36
+@operato/layout:9.0.37
+@operato/popup:9.0.22
+@operato/popup:9.0.35
+@operato/popup:9.0.36
+@operato/popup:9.0.37
+@operato/popup:9.0.38
+@operato/popup:9.0.39
+@operato/popup:9.0.40
+@operato/popup:9.0.41
+@operato/popup:9.0.42
+@operato/popup:9.0.43
+@operato/popup:9.0.44
+@operato/popup:9.0.45
+@operato/popup:9.0.46
+@operato/pull-to-refresh:9.0.36
+@operato/pull-to-refresh:9.0.37
+@operato/pull-to-refresh:9.0.38
+@operato/pull-to-refresh:9.0.39
+@operato/pull-to-refresh:9.0.40
+@operato/pull-to-refresh:9.0.41
+@operato/pull-to-refresh:9.0.42
+@operato/shell:9.0.22
+@operato/shell:9.0.35
+@operato/shell:9.0.36
+@operato/shell:9.0.37
+@operato/shell:9.0.38
+@operato/shell:9.0.39
+@operato/styles:9.0.2
+@operato/styles:9.0.35
+@operato/styles:9.0.36
+@operato/styles:9.0.37
+@operato/utils:9.0.22
+@operato/utils:9.0.35
+@operato/utils:9.0.36
+@operato/utils:9.0.37
+@operato/utils:9.0.38
+@operato/utils:9.0.39
+@operato/utils:9.0.40
+@operato/utils:9.0.41
+@operato/utils:9.0.42
+@operato/utils:9.0.43
+@operato/utils:9.0.44
+@operato/utils:9.0.45
+@operato/utils:9.0.46
+
+# @teselagen namespace - multiple packages with 0.x versions
+@teselagen/bio-parsers:0.4.29
+@teselagen/bio-parsers:0.4.30
+@teselagen/bounce-loader:0.3.16
+@teselagen/bounce-loader:0.3.17
+@teselagen/file-utils:0.3.21
+@teselagen/file-utils:0.3.22
+@teselagen/liquibase-tools:0.4.1
+@teselagen/ove:0.7.39
+@teselagen/ove:0.7.40
+@teselagen/range-utils:0.3.14
+@teselagen/range-utils:0.3.15
+@teselagen/react-list:0.8.19
+@teselagen/react-list:0.8.20
+@teselagen/react-table:6.10.19
+@teselagen/react-table:6.10.20
+@teselagen/react-table:6.10.21
+@teselagen/react-table:6.10.22
+@teselagen/sequence-utils:0.3.33
+@teselagen/sequence-utils:0.3.34
+@teselagen/ui:0.9.9
+@teselagen/ui:0.9.10
+
+# @things-factory namespace - multiple packages with 9.0.x versions
+@things-factory/attachment-base:9.0.43
+@things-factory/attachment-base:9.0.44
+@things-factory/attachment-base:9.0.45
+@things-factory/attachment-base:9.0.46
+@things-factory/attachment-base:9.0.47
+@things-factory/attachment-base:9.0.48
+@things-factory/attachment-base:9.0.49
+@things-factory/attachment-base:9.0.50
+@things-factory/auth-base:9.0.43
+@things-factory/auth-base:9.0.44
+@things-factory/auth-base:9.0.45
+@things-factory/email-base:9.0.42
+@things-factory/email-base:9.0.43
+@things-factory/email-base:9.0.44
+@things-factory/email-base:9.0.45
+@things-factory/email-base:9.0.46
+@things-factory/email-base:9.0.47
+@things-factory/email-base:9.0.48
+@things-factory/email-base:9.0.49
+@things-factory/email-base:9.0.50
+@things-factory/email-base:9.0.51
+@things-factory/email-base:9.0.52
+@things-factory/email-base:9.0.53
+@things-factory/email-base:9.0.54
+@things-factory/env:9.0.42
+@things-factory/env:9.0.43
+@things-factory/env:9.0.44
+@things-factory/env:9.0.45
+@things-factory/integration-base:9.0.43
+@things-factory/integration-base:9.0.44
+@things-factory/integration-base:9.0.45
+@things-factory/integration-marketplace:9.0.43
+@things-factory/integration-marketplace:9.0.44
+@things-factory/integration-marketplace:9.0.45
+
+# @nativescript-community namespace - 40+ packages
+@nativescript-community/push:1.0.0
+@nativescript-community/sqlite:3.5.2
+@nativescript-community/sqlite:3.5.3
+@nativescript-community/sqlite:3.5.4
+@nativescript-community/sqlite:3.5.5
+@nativescript-community/ui-material-activityindicator:7.2.49
+@nativescript-community/ui-material-bottomnavigationbar:7.2.49
+@nativescript-community/ui-material-bottomsheet:7.2.49
+@nativescript-community/ui-material-button:7.2.49
+@nativescript-community/ui-material-cardview:7.2.49
+@nativescript-community/ui-material-core:7.2.49
+@nativescript-community/ui-material-dialogs:7.2.49
+@nativescript-community/ui-material-floatingactionbutton:7.2.49
+@nativescript-community/ui-material-progress:7.2.49
+@nativescript-community/ui-material-ripple:7.2.49
+@nativescript-community/ui-material-slider:7.2.49
+@nativescript-community/ui-material-snackbar:7.2.49
+@nativescript-community/ui-material-tabs:7.2.49
+@nativescript-community/ui-material-textfield:7.2.49
+@nativescript-community/ui-material-textview:7.2.49
+
+# Popular standalone packages compromised
+angulartics2:14.1.2
+koa2-swagger-ui:5.11.1
+koa2-swagger-ui:5.11.2
+ngx-bootstrap:18.1.4
+ngx-bootstrap:19.0.3
+ngx-bootstrap:20.0.4
+ngx-bootstrap:20.0.5
+ngx-bootstrap:20.0.6
+ngx-toastr:19.0.1
+ngx-toastr:19.0.2
+
+# Additional compromised packages from JFrog comprehensive list
+@art-ws/db-context:2.0.21
+@basic-ui-components-stc/basic-ui-components:1.0.5
+@ctrl/ngx-codemirror:7.0.1
+@ctrl/ngx-csv:6.0.1
+@ctrl/ngx-emoji-mart:9.2.1
+@ctrl/ngx-rightclick:4.0.1
+@ctrl/qbittorrent:9.7.1
+@ctrl/react-adsense:2.0.1
+@ctrl/shared-torrent:6.3.1
+@ctrl/torrent-file:4.1.1
+@ctrl/ts-base32:4.0.1
+@hestjs/core:0.2.1
+@hestjs/cqrs:0.1.6
+@hestjs/demo:0.1.2
+@hestjs/eslint-config:0.1.2
+@hestjs/logger:0.1.6
+@hestjs/scalar:0.1.7
+@hestjs/validation:0.1.6
+@nativescript-community/arraybuffers:1.1.6
+@nativescript-community/arraybuffers:1.1.7
+@nativescript-community/arraybuffers:1.1.8
+@nativescript-community/perms:3.0.5
+@nativescript-community/perms:3.0.6
+@nativescript-community/perms:3.0.7
+@nativescript-community/perms:3.0.8
+@nativescript-community/perms:3.0.9
+@nativescript-community/sentry:4.6.43
+@nativescript-community/text:1.6.10
+@nativescript-community/text:1.6.11
+@nativescript-community/text:1.6.12
+@nativescript-community/text:1.6.9
+@nativescript-community/typeorm:0.2.30
+@nativescript-community/typeorm:0.2.31
+@nativescript-community/typeorm:0.2.32
+@nativescript-community/typeorm:0.2.33
+@nativescript-community/ui-document-picker:1.1.27
+@nativescript-community/ui-document-picker:1.1.28
+@nativescript-community/ui-label:1.3.35
+@nativescript-community/ui-label:1.3.36
+@nativescript-community/ui-label:1.3.37
+@nativescript-community/ui-material-bottom-navigation:7.2.72
+@nativescript-community/ui-material-bottom-navigation:7.2.73
+@nativescript-community/ui-material-bottom-navigation:7.2.74
+@nativescript-community/ui-material-bottom-navigation:7.2.75
+@nativescript-community/ui-material-core-tabs:7.2.72
+@nativescript-community/ui-material-core-tabs:7.2.73
+@nativescript-community/ui-material-core-tabs:7.2.74
+@nativescript-community/ui-material-core-tabs:7.2.75
+@nativescript-community/ui-material-core:7.2.72
+@nativescript-community/ui-material-core:7.2.73
+@nativescript-community/ui-material-core:7.2.74
+@nativescript-community/ui-material-core:7.2.75
+@nativescript-community/ui-material-ripple:7.2.72
+@nativescript-community/ui-material-ripple:7.2.73
+@nativescript-community/ui-material-ripple:7.2.74
+@nativescript-community/ui-material-ripple:7.2.75
+@nativescript-community/ui-material-tabs:7.2.72
+@nativescript-community/ui-material-tabs:7.2.73
+@nativescript-community/ui-material-tabs:7.2.74
+@nativescript-community/ui-material-tabs:7.2.75
+@nativescript-community/ui-pager:14.1.35
+@nativescript-community/ui-pager:14.1.36
+@nativescript-community/ui-pager:14.1.37
+@nativescript-community/ui-pager:14.1.38
+@nativescript-community/ui-pulltorefresh:2.5.4
+@nativescript-community/ui-pulltorefresh:2.5.5
+@nativescript-community/ui-pulltorefresh:2.5.6
+@nativescript-community/ui-pulltorefresh:2.5.7
+@nexe/config-manager:0.1.1
+@nexe/eslint-config:0.1.1
+@nexe/logger:0.1.3
+@nstudio/xplat-utils:20.0.4
+@nstudio/xplat-utils:20.0.7
+@nstudio/xplat:20.0.4
+@nstudio/xplat:20.0.5
+@nstudio/xplat:20.0.6
+@nstudio/xplat:20.0.7
+@operato/board:9.0.35
+@operato/board:9.0.47
+@operato/board:9.0.48
+@operato/board:9.0.49
+@operato/board:9.0.50
+@operato/board:9.0.51
+@operato/graphql:9.0.47
+@operato/graphql:9.0.48
+@operato/graphql:9.0.49
+@operato/graphql:9.0.50
+@operato/graphql:9.0.51
+@operato/help:9.0.47
+@operato/help:9.0.48
+@operato/help:9.0.49
+@operato/help:9.0.50
+@operato/help:9.0.51
+@operato/input:9.0.47
+@operato/input:9.0.48
+@operato/popup:9.0.47
+@operato/popup:9.0.48
+@operato/popup:9.0.49
+@operato/popup:9.0.50
+@operato/popup:9.0.51
+@operato/pull-to-refresh:9.0.35
+@operato/pull-to-refresh:9.0.43
+@operato/pull-to-refresh:9.0.44
+@operato/pull-to-refresh:9.0.45
+@operato/pull-to-refresh:9.0.46
+@operato/pull-to-refresh:9.0.47
+@operato/utils:9.0.47
+@operato/utils:9.0.48
+@operato/utils:9.0.49
+@operato/utils:9.0.50
+@operato/utils:9.0.51
+@thangved/callback-window:1.1.4
+@things-factory/attachment-base:9.0.42
+@things-factory/attachment-base:9.0.51
+@things-factory/attachment-base:9.0.52
+@things-factory/attachment-base:9.0.53
+@things-factory/attachment-base:9.0.54
+@things-factory/attachment-base:9.0.55
+@things-factory/auth-base:9.0.42
+@things-factory/email-base:9.0.55
+@things-factory/email-base:9.0.56
+@things-factory/email-base:9.0.57
+@things-factory/email-base:9.0.58
+@things-factory/email-base:9.0.59
+@things-factory/integration-base:9.0.42
+@things-factory/integration-marketplace:9.0.42
+@things-factory/shell:9.0.42
+@things-factory/shell:9.0.43
+@things-factory/shell:9.0.44
+@things-factory/shell:9.0.45
+@tnf-dev/api:1.0.8
+@tnf-dev/core:1.0.8
+@tnf-dev/js:1.0.8
+@tnf-dev/mui:1.0.8
+@tnf-dev/react:1.0.8
+@ui-ux-gang/devextreme-angular-rpk:24.1.7
+@ui-ux-gang/devextreme-rpk:24.1.7
+@yoobic/design-system:6.5.17
+@yoobic/jpeg-camera-es6:1.0.13
+@yoobic/yobi:8.7.53
+ace-colorpicker-rpk:0.0.14
+airchief:0.3.1
+airpilot:0.8.8
+angulartics2:14.1.1
+browser-webdriver-downloader:3.0.8
+capacitor-notificationhandler:0.0.2
+capacitor-notificationhandler:0.0.3
+capacitor-plugin-healthapp:0.0.2
+capacitor-plugin-healthapp:0.0.3
+capacitor-plugin-ihealth:1.1.8
+capacitor-plugin-ihealth:1.1.9
+capacitor-plugin-vonage:1.0.2
+capacitor-plugin-vonage:1.0.3
+capacitorandroidpermissions:0.0.4
+capacitorandroidpermissions:0.0.5
+config-cordova:0.8.5
+cordova-plugin-voxeet2:1.0.24
+cordova-voxeet:1.0.32
+create-hest-app:0.1.9
+db-evo:1.1.4
+db-evo:1.1.5
+devextreme-angular-rpk:21.2.8
+devextreme-rpk:21.2.8
+ember-browser-services:5.0.2
+ember-browser-services:5.0.3
+ember-headless-form-yup:1.0.1
+ember-headless-form:1.1.2
+ember-headless-form:1.1.3
+ember-headless-table:2.1.5
+ember-headless-table:2.1.6
+ember-url-hash-polyfill:1.0.12
+ember-url-hash-polyfill:1.0.13
+ember-velcro:2.2.1
+ember-velcro:2.2.2
+encounter-playground:0.0.2
+encounter-playground:0.0.3
+encounter-playground:0.0.4
+eslint-config-crowdstrike-node:4.0.3
+eslint-config-crowdstrike-node:4.0.4
+eslint-config-crowdstrike:11.0.2
+eslint-config-crowdstrike:11.0.3
+eslint-config-teselagen:6.1.7
+eslint-config-teselagen:6.1.8
+globalize-rpk:1.7.4
+graphql-sequelize-teselagen:5.3.8
+graphql-sequelize-teselagen:5.3.9
+html-to-base64-image:1.0.2
+json-rules-engine-simplified:0.2.1
+json-rules-engine-simplified:0.2.2
+json-rules-engine-simplified:0.2.3
+json-rules-engine-simplified:0.2.4
+jumpgate:0.0.2
+mcfly-semantic-release:1.3.1
+mcp-knowledge-base:0.0.2
+mcp-knowledge-graph:1.2.1
+mobioffice-cli:1.0.3
+monorepo-next:13.0.1
+monorepo-next:13.0.2
+mstate-angular:0.4.4
+mstate-cli:0.4.7
+mstate-dev-react:1.1.1
+mstate-react:1.6.5
+ng-imports-checker:0.0.10
+ng-imports-checker:0.0.9
+ng2-file-upload:7.0.2
+ng2-file-upload:8.0.1
+ng2-file-upload:8.0.2
+ng2-file-upload:8.0.3
+ng2-file-upload:9.0.1
+ngx-bootstrap:19.0.4
+ngx-bootstrap:20.0.3
+ngx-color:10.0.1
+ngx-ws:1.1.5
+ngx-ws:1.1.6
+oradm-to-gql:35.0.14
+oradm-to-gql:35.0.15
+oradm-to-sqlz:1.1.2
+oradm-to-sqlz:1.1.3
+oradm-to-sqlz:1.1.4
+oradm-to-sqlz:1.1.5
+ove-auto-annotate:0.0.10
+ove-auto-annotate:0.0.9
+pm2-gelf-json:1.0.4
+pm2-gelf-json:1.0.5
+printjs-rpk:1.6.1
+react-complaint-image:0.0.32
+react-complaint-image:0.0.33
+react-complaint-image:0.0.34
+react-jsonschema-form-conditionals:0.3.18
+react-jsonschema-form-conditionals:0.3.19
+react-jsonschema-form-conditionals:0.3.20
+react-jsonschema-form-extras:1.0.1
+react-jsonschema-form-extras:1.0.2
+react-jsonschema-form-extras:1.0.3
+react-jsonschema-rxnt-extras:0.4.6
+react-jsonschema-rxnt-extras:0.4.7
+react-jsonschema-rxnt-extras:0.4.8
+react-jsonschema-rxnt-extras:0.4.9
+remark-preset-lint-crowdstrike:4.0.1
+remark-preset-lint-crowdstrike:4.0.2
+rxnt-authentication:0.0.3
+rxnt-authentication:0.0.4
+rxnt-authentication:0.0.5
+rxnt-healthchecks-nestjs:1.0.2
+rxnt-healthchecks-nestjs:1.0.3
+rxnt-healthchecks-nestjs:1.0.4
+rxnt-kue:1.0.4
+rxnt-kue:1.0.5
+rxnt-kue:1.0.6
+swc-plugin-component-annotate:1.9.1
+tbssnch:1.0.2
+teselagen-interval-tree:1.1.2
+tg-client-query-builder:2.14.4
+tg-client-query-builder:2.14.5
+tg-redbird:1.3.1
+tg-redbird:1.3.2
+tg-seq-gen:1.0.10
+tg-seq-gen:1.0.9
+thangved-react-grid:1.0.3
+ts-gaussian:3.0.5
+ts-imports:1.0.1
+ts-imports:1.0.2
+tvi-cli:0.1.5
+ve-bamreader:0.2.6
+ve-bamreader:0.2.7
+ve-editor:1.0.1
+ve-editor:1.0.2
+verror-extra:6.0.1
+voip-callkit:1.0.2
+voip-callkit:1.0.3
+wdio-web-reporter:0.1.3
+yargs-help-output:5.0.3
+yoo-styles:6.0.326

package/gitignore

@@ -0,0 +1,36 @@
+# Node.js
+node_modules/
+
+# OS junk
+.DS_Store
+Thumbs.db
+
+# IDEs and editors
+# VS Code
+.vscode/
+*.code-workspace
+
+# IntelliJ / JetBrains IDEs
+.idea/
+*.iml
+
+# Eclipse
+.project
+.classpath
+.settings/
+
+# NetBeans
+nbproject/private/
+build/
+
+# Vim
+*.swp
+*.swo
+
+# Emacs
+*~
+\#*\#
+
+# Other backups
+*.bak
+*.tmp

package/package.json

@@ -0,0 +1,16 @@
+{
+  "name": "hulud-party-scanner",
+  "version": "1.0.0",
+  "preferGlobal": true,
+  "bin": {
+    "hulud-party-scanner": "./scan.js"
+  },
+  "description": "Project integrity scanner for known vulnerabilities and suspicious patterns related to the Shai-Hulud supply-chain attack.",
+  "main": "scan.js",
+  "scripts": {
+    "scan": "node scan.js"
+  },
+  "author": "miguel.sngular",
+  "license": "ISC",
+  "repository": "https://github.com/migohe14/hulud-scanner"
+}

package/scan.js

@@ -0,0 +1,217 @@
+#!/usr/bin/env node
+const fs = require('fs');
+const https = require('https');
+const path = require('path');
+const crypto = require('crypto');
+ 
+// --- Configuration ---
+const COMPROMISED_LIST_URL = "https://raw.githubusercontent.com/migohe14/hulud-scanner/refs/heads/main/compromised-libs.txt";
+const MALICIOUS_HASH = "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09";
+
+// --- Console Colors ---
+const colors = {
+    RED: '\x1b[31m',
+    GREEN: '\x1b[32m',
+    YELLOW: '\x1b[33m',
+    CYAN: '\x1b[36m',
+    BLUE: '\x1b[34m',
+    RESET: '\x1b[0m'
+};
+
+/** 
+ * Downloads the list of compromised packages from GitHub.
+ * @returns {Promise<Set<string>>} A Set of packages in "name@version" format.
+ */
+async function getCompromisedPackages() {
+    console.log(`${colors.CYAN}🌐 Downloading compromised packages list...${colors.RESET}`);
+    return new Promise((resolve, reject) => {
+        https.get(COMPROMISED_LIST_URL, (res) => {
+            let data = '';
+            res.on('data', (chunk) => { data += chunk; });
+            res.on('end', () => {
+                const packages = data
+                    .split('\n')
+                    .map(line => line.trim())
+                    .filter(line => line && !line.startsWith('#')) // Ignore comments and empty lines
+                    .map(line => line.replace(':', '@')) // Change 'pkg:1.0.0' to 'pkg@1.0.0'
+                    .reduce((acc, line) => {
+                        // Handle lines with multiple versions like 'pkg:1.0.0, 1.0.1'
+                        const [name, versions] = line.split('@');
+                        if (versions) {
+                            versions.split(',').forEach(version => {
+                                acc.add(`${name}@${version.trim()}`);
+                            });
+                        }
+                        return acc;
+                    }, new Set());
+                resolve(packages);
+            });
+        }).on('error', (err) => {
+            reject(new Error(`Failed to download list: ${err.message}`));
+        });
+    });
+}
+
+/** 
+ * Extracts all dependencies from a package-lock.json file.
+ * Supports v1/v2 (npm 6) and v2/v3 (npm 7+) formats.
+ * @param {string} lockfilePath - Path to the package-lock.json.
+ * @returns {Set<string>} A Set of local dependencies in "name@version" format.
+ */
+function getLocalPackages(lockfilePath) {
+    console.log(`${colors.CYAN}📦 Extracting dependencies from ${lockfilePath}...${colors.RESET}`);
+    if (!fs.existsSync(lockfilePath)) {
+        throw new Error(`File not found: ${lockfilePath}`);
+    }
+
+    const lockfile = JSON.parse(fs.readFileSync(lockfilePath, 'utf-8'));
+    const packages = new Set();
+
+    // Modern format (npm 7+), 'packages' key
+    if (lockfile.packages) {
+        console.log(`🔍 Analyzing lockfile format v2/v3 (npm 7+)...`);
+        for (const [pkgPath, details] of Object.entries(lockfile.packages)) {
+            if (pkgPath && details.version) {
+                // La ruta es como "node_modules/express" o "" para el root.
+                const name = pkgPath.replace(/^node_modules\//, '');
+                if (name) { // Ignorar el paquete raíz del proyecto
+                    packages.add(`${name}@${details.version}`);
+                }
+            }
+        }
+    }
+    // Legacy format (npm 6), 'dependencies' key
+    else if (lockfile.dependencies) {
+        console.log(`🔍 Analyzing lockfile format v1 (npm 6)...`);
+        const extractDeps = (deps) => {
+            if (!deps) return;
+            for (const [name, details] of Object.entries(deps)) {
+                if (details.version) {
+                    packages.add(`${name}@${details.version}`);
+                }
+                // Recursively search in sub-dependencies
+                if (details.dependencies) {
+                    extractDeps(details.dependencies);
+                }
+            }
+        };
+        extractDeps(lockfile.dependencies);
+    } else {
+        throw new Error('Unrecognized package-lock.json format.');
+    }
+
+    return packages;
+}
+
+/**
+ * Recursively scans a directory for files matching a known malicious hash.
+ * @param {string} directory - The directory to scan.
+ * @returns {string[]} A list of paths to malicious files.
+ */
+function scanForMaliciousFiles(directory) {
+    console.log(`${colors.CYAN}🔍 Scanning file signatures in ${directory}...${colors.RESET}`);
+    const maliciousFiles = [];
+    const filesToScan = [];
+
+    // Get all files recursively, ignoring node_modules and .git
+    function findFiles(dir) {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            const fullPath = path.join(dir, entry.name);
+            if (entry.isDirectory()) {
+                if (entry.name !== 'node_modules' && entry.name !== '.git') {
+                    findFiles(fullPath);
+                }
+            } else if (entry.isFile()) {
+                filesToScan.push(fullPath);
+            }
+        }
+    }
+
+    findFiles(directory);
+
+    for (const file of filesToScan) {
+        const fileBuffer = fs.readFileSync(file);
+        const hashSum = crypto.createHash('sha256');
+        hashSum.update(fileBuffer);
+        const hex = hashSum.digest('hex');
+
+        if (hex === MALICIOUS_HASH) {
+            maliciousFiles.push(path.relative(directory, file));
+        }
+    }
+    return maliciousFiles;
+}
+
+/** 
+ * Main function to orchestrate the scan.
+ */
+async function main() {
+    try {
+        // Use the provided path or the current directory.
+        const targetPath = process.argv[2] || '.';
+        const projectRoot = path.resolve(targetPath);
+
+        if (!fs.existsSync(projectRoot) || !fs.statSync(projectRoot).isDirectory()) {
+            throw new Error(`Project directory not found: ${projectRoot}`);
+        }
+
+        console.log(`\n${colors.BLUE}--- Shai-Hulud Integrity Scanner (Node.js) ---${colors.RESET}`);
+        console.log(`Scanning project at: ${projectRoot}`);
+
+        // --- Vector 1: Dependency Analysis ---
+        let dependencyMatches = new Set();
+        const lockfilePath = path.join(projectRoot, 'package-lock.json');
+
+        if (fs.existsSync(lockfilePath)) {
+            const localPackages = getLocalPackages(lockfilePath);
+            const compromisedPackages = await getCompromisedPackages();
+            console.log(`${colors.CYAN}🔍 Comparing dependencies...${colors.RESET}`);
+            for (const localPkg of localPackages) {
+                if (compromisedPackages.has(localPkg)) {
+                    dependencyMatches.add(localPkg);
+                }
+            }
+        } else {
+            console.log(`${colors.YELLOW}⚠️  No package-lock.json found. Skipping dependency scan.${colors.RESET}`);
+        }
+
+        // --- Vector 2: File Signature Analysis ---
+        const fileMatches = scanForMaliciousFiles(projectRoot);
+
+        // --- Reporting ---
+        console.log('\n' + '-'.repeat(50));
+        let issuesFound = false;
+
+        if (fileMatches.length > 0) {
+            issuesFound = true;
+            console.log(`${colors.RED}🚨 CRITICAL RISK: Known Malware Signature Detected${colors.RESET}`);
+            fileMatches.forEach(match => {
+                console.log(`  - File: ${colors.YELLOW}${match}${colors.RESET}`);
+            });
+            console.log('');
+        }
+
+        if (dependencyMatches.size > 0) {
+            issuesFound = true;
+            console.log(`${colors.RED}🚨 HIGH RISK: Compromised Package Versions Detected${colors.RESET}`);
+            dependencyMatches.forEach(match => {
+                console.log(`  - ${colors.YELLOW}${match}${colors.RESET}`);
+            });
+        }
+
+        console.log('-'.repeat(50));
+        if (issuesFound) {
+            console.log(`${colors.RED}Scan complete. Actionable issues were found.${colors.RESET}`);
+            process.exit(2);
+        } else {
+            console.log(`${colors.GREEN}✅ All good! No known integrity issues found.${colors.RESET}`);
+        }
+
+    } catch (error) {
+        console.error(`${colors.RED}❌ ERROR: ${error.message}${colors.RESET}`);
+        process.exit(1);
+    }
+}
+
+main();