(www.aikido.dev)

Show context

joaomoreno ◴[08 Sep 25 16:49 UTC] No.45170585[source]▶

From sindresorhus:

You can run the following to check if you have the malware in your dependency tree:

`rg -u --max-columns=80 _0x112fa8`

Requires ripgrep:

`brew install rg`

cgijoe ◴[08 Sep 25 17:38 UTC] No.45171275[source]▶

Sorry, I am unfamiliar with ripgrep. Is this simply scanning for the string `_0x112fa8`? Could we do the same thing with normal grep -r?

1. skrebbel ◴[08 Sep 25 17:41 UTC] No.45171316[source]▶

yes. ripgrep just does it faster, is all.

2. hinkley ◴[08 Sep 25 19:58 UTC] No.45173163[source]▶

Make it work, make it right, make it fast.

For security checks, the first 2 out of 3 is just fine.

replies(1): >>45174327 #

But also respects .gitignore by default so I’m not sure you want to use ripgrep to scan your node_modules

4. Fishkins ◴[08 Sep 25 21:09 UTC] No.45174032[source]▶

For others who didn't know, the -u flag in the OP's command makes it so ripgrep _will_ search files even if they're gitignored

replies(1): >>45177926 #

5. AkshatJ27 ◴[08 Sep 25 21:12 UTC] No.45174067[source]▶

Isn't the intended behaviour of original comment checking the node_modules folder for the "infected" string.

6. Aeolun ◴[08 Sep 25 21:35 UTC] No.45174327[source]▶

Sure, but if you can get the last for free, why not?

7. postalcoder ◴[09 Sep 25 05:54 UTC] No.45177926{3}[source]▶

-u searches through ignored files

-uu searches through ignored and hidden files (eg dotfiles)

-uuu searches through ignored, hidden, and binary files (ie everything)

NPM debug and chalk packages compromised