←back to thread

NPM debug and chalk packages compromised

(www.aikido.dev)
1369 points universesquid | 1 comments | 08 Sep 25 15:37 UTC | HN request time: 0s | source
Show context
joaomoreno ◴[08 Sep 25 16:49 UTC] No.45170585[source]
From sindresorhus:

You can run the following to check if you have the malware in your dependency tree:

`rg -u --max-columns=80 _0x112fa8`

Requires ripgrep:

`brew install rg`

https://github.com/chalk/chalk/issues/656#issuecomment-32668...

replies(8): >>45171142 #>>45171275 #>>45171304 #>>45171841 #>>45172110 #>>45172189 #>>45174730 #>>45175821 #
cgijoe ◴[08 Sep 25 17:38 UTC] No.45171275[source]
Sorry, I am unfamiliar with ripgrep. Is this simply scanning for the string `_0x112fa8`? Could we do the same thing with normal grep -r?
replies(2): >>45171316 #>>45171334 #
skrebbel ◴[08 Sep 25 17:41 UTC] No.45171316[source]
yes. ripgrep just does it faster, is all.
replies(2): >>45173163 #>>45173857 #
nothrabannosir ◴[08 Sep 25 20:56 UTC] No.45173857[source]
But also respects .gitignore by default so I’m not sure you want to use ripgrep to scan your node_modules
replies(2): >>45174032 #>>45174067 #
1. AkshatJ27 ◴[08 Sep 25 21:12 UTC] No.45174067{3}[source]
Isn't the intended behaviour of original comment checking the node_modules folder for the "infected" string.