@yduman
Created September 9, 2025 11:39
Checks whether the compromised package versions from this incident (https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised) are present in a project's installed dependency tree.
#!/bin/bash
# Script to check for vulnerable package versions affected by the supply chain attack.
# Run this script to identify potentially compromised dependencies.
#
# Usage:
#   ./check-vulnerable-packages.sh [--pnpm|--npm]
#
# Flags:
#   --pnpm  Use pnpm package manager (default if no flag specified)
#   --npm   Use npm package manager

# Parse command line arguments
PACKAGE_MANAGER="pnpm"
while [[ $# -gt 0 ]]; do
    case $1 in
        --pnpm)
            PACKAGE_MANAGER="pnpm"
            shift
            ;;
        --npm)
            PACKAGE_MANAGER="npm"
            shift
            ;;
        -h|--help)
            echo "Usage: $0 [--pnpm|--npm]"
            echo "  --pnpm  Use pnpm package manager (default)"
            echo "  --npm   Use npm package manager"
            exit 0
            ;;
        *)
            echo "Unknown option: $1"
            echo "Use --help for usage information"
            exit 1
            ;;
    esac
done

# Make sure the selected package manager is actually available; otherwise the
# "2>/dev/null" below would hide the error and the script would report a clean tree.
if ! command -v "$PACKAGE_MANAGER" >/dev/null 2>&1; then
    echo "Error: $PACKAGE_MANAGER is not installed or not on PATH"
    exit 2
fi

echo "Checking for vulnerable package versions using $PACKAGE_MANAGER..."
echo "========================================="

# List of vulnerable packages and versions to check (package:version format)
vulnerable_packages=(
    "backslash:0.2.1"
    "chalk-template:1.1.1"
    "supports-hyperlinks:4.1.1"
    "has-ansi:6.0.1"
    "simple-swizzle:0.2.3"
    "color-string:2.1.1"
    "error-ex:1.3.3"
    "color-name:2.0.1"
    "is-arrayish:0.3.3"
    "slice-ansi:7.1.1"
    "color-convert:3.1.1"
    "wrap-ansi:9.0.1"
    "ansi-regex:6.2.1"
    "supports-color:10.2.1"
    "strip-ansi:7.1.1"
    "chalk:5.6.1"
    "debug:4.4.2"
    "ansi-styles:6.2.2"
)

found_vulnerable=0

# Check each vulnerable package
for package_version in "${vulnerable_packages[@]}"; do
    package="${package_version%:*}"
    version="${package_version#*:}"

    echo "Checking for $package $version..."

    # Use the selected package manager to check for the specific package and version.
    # pnpm prints "name version", npm prints "name@version". grep -F matches the version
    # literally (the dots are not regex wildcards) and -w stops 5.6.1 from also matching 5.6.10.
    if [ "$PACKAGE_MANAGER" = "pnpm" ]; then
        result=$(pnpm ls --depth Infinity "$package" 2>/dev/null | grep -Fw "$package $version")
    else
        result=$(npm ls --depth Infinity "$package" 2>/dev/null | grep -Fw "$package@$version")
    fi

    if [ -n "$result" ]; then
        echo "⚠️ FOUND VULNERABLE: $result"
        found_vulnerable=1
    fi
done

echo "========================================="

if [ "$found_vulnerable" -eq 1 ]; then
    echo "❌ VULNERABLE packages found! Review the packages listed above."
    echo "Consider updating your dependencies or checking with your security team."
    exit 1
else
    echo "✅ No vulnerable package versions detected."
    exit 0
fi
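The gist's script needs an installed node_modules tree to query. As an added example that is not part of the gist, the same version list can also be checked against the lockfile alone, offline, so a CI step can fail before any install runs. It assumes npm's package-lock.json (lockfileVersion 2/3) or pnpm-lock.yaml (v6/v9) and builds its own constructed demo lockfile.

```bash
#!/bin/bash
# Added example (not from the gist): scan a lockfile offline for the same compromised
# versions so CI can fail before any install. Assumes package-lock.json (lockfileVersion
# 2/3) or pnpm-lock.yaml (v6/v9); the demo lockfile at the bottom is constructed.
VULNERABLE="backslash:0.2.1 chalk-template:1.1.1 supports-hyperlinks:4.1.1 has-ansi:6.0.1
simple-swizzle:0.2.3 color-string:2.1.1 error-ex:1.3.3 color-name:2.0.1
is-arrayish:0.3.3 slice-ansi:7.1.1 color-convert:3.1.1 wrap-ansi:9.0.1
ansi-regex:6.2.1 supports-color:10.2.1 strip-ansi:7.1.1 chalk:5.6.1
debug:4.4.2 ansi-styles:6.2.2"   # same package:version list as the gist's script

lockfile_pairs() {   # print one "name version" line per package recorded in the lockfile
  case "$1" in
    *package-lock.json)   # keys: "node_modules/a/node_modules/chalk": { ... "version": "5.6.1",
      awk '/^ *"node_modules\/.*": \{$/ { n = $1; sub(/^"/, "", n); sub(/":$/, "", n)
                                         sub(/.*node_modules\//, "", n) }
           n != "" && /^ *"version": "/ { v = $2; gsub(/[",]/, "", v); print n, v; n = "" }' "$1" ;;
    *pnpm-lock.yaml)      # keys under packages: /chalk@5.6.1:  chalk@5.6.1(x@1.0.0):  '@s/n@1.2.3':
      tr -d "'" < "$1" | awk '/^packages:/ { p = 1; next }; p && /^[^ ]/ { p = 0 }
           p && /^  [^ ]/ { e = $1; sub(/^\//, "", e); sub(/[(:].*$/, "", e)
                            i = match(e, /@[0-9]/); print substr(e, 1, i - 1), substr(e, i + 1) }' ;;
    *) echo "unsupported lockfile: $1" >&2; return 2 ;;
  esac
}

# Print "name@version" for each compromised pair present; exit status 1 if any, 2 on error.
check_lockfile() {
  pairs=$(lockfile_pairs "$1") || return 2
  found=0
  for pv in $VULNERABLE; do
    pkg="${pv%:*}"; ver="${pv#*:}"
    # -F: literal match, so "5.6.1" cannot match "5x6x1"; -x: whole line, so 5.6.1 != 5.6.10
    if printf '%s\n' "$pairs" | grep -qxF "$pkg $ver"; then
      echo "$pkg@$ver"; found=1
    fi
  done
  return $found
}

# Constructed pnpm-lock.yaml (not a real project's): one clean and one compromised entry.
demo_pnpm_lock() {
  f=$(mktemp -d)/pnpm-lock.yaml
  cat > "$f" <<'EOF'
lockfileVersion: '9.0'
packages:
  chalk@5.6.0:
    resolution: {integrity: sha512-constructed}
  debug@4.4.2(supports-color@10.2.1):
    resolution: {integrity: sha512-constructed}
EOF
  echo "$f"
}
[ $# -gt 0 ] && check_lockfile "$1"   # usage: ./check-lockfile.sh path/to/pnpm-lock.yaml
```

Peer-dependency suffixes such as `debug@4.4.2(supports-color@10.2.1)` are stripped before matching, so the peer itself is only reported if it has its own entry in the lockfile.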