←back to thread

NPM debug and chalk packages compromised

(www.aikido.dev)
1369 points universesquid | 2 comments | 08 Sep 25 15:37 UTC | HN request time: 0.425s | source
Show context
joaomoreno ◴[08 Sep 25 16:49 UTC] No.45170585[source]
From sindresorhus:

You can run the following to check if you have the malware in your dependency tree:

`rg -u --max-columns=80 _0x112fa8`

Requires ripgrep:

`brew install rg`

https://github.com/chalk/chalk/issues/656#issuecomment-32668...

replies(8): >>45171142 #>>45171275 #>>45171304 #>>45171841 #>>45172110 #>>45172189 #>>45174730 #>>45175821 #
1. dabockster ◴[09 Sep 25 00:14 UTC] No.45175821[source]
Here's something I generated in my coding AI for Powershell:

`Get-ChildItem -Recurse | Select-String -Pattern '_0x112fa8' | ForEach-Object { $_.Line.Substring(0, [Math]::Min(80, $_.Line.Length)) }`

Breakdown of the Command:

- Get-ChildItem -Recurse: This command retrieves all files in the current directory and its subdirectories.

- Select-String -Pattern '_0x112fa8': This searches for the specified pattern in the files.

- ForEach-Object { ... }: This processes each match found.

- Substring(0, [Math]::Min(80, $_.Line.Length)): This limits the output to a maximum of 80 characters per line.

---

Hopefully this should work for Windows devs out there. If not, reply and I'll try to modify it.

replies(1): >>45177364 #
2. metaltyphoon ◴[09 Sep 25 04:21 UTC] No.45177364[source]
Or you can just install ripgrep on windows too and have it check much faster ;)