PHPackages sunnysideup/scan-for-bad-npm-packages - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. sunnysideup/scan-for-bad-npm-packages ActiveLibrary[Security](/categories/security) sunnysideup/scan-for-bad-npm-packages ===================================== Scans for Shai Hulud and other bad npm packages. USE AT YOUR OWN RISK! 1.1.0(7mo ago)00MITShell Since Sep 19Pushed 7mo agoCompare [ Source](https://github.com/sunnysideup/scan-for-bad-npm-packages)[ Packagist](https://packagist.org/packages/sunnysideup/scan-for-bad-npm-packages)[ RSS](/packages/sunnysideup-scan-for-bad-npm-packages/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependenciesVersions (3)Used By (0) status ====== [](#status) this is just a bit of a hack right now, Nothing useful yet. Please use at your own risk!!!!!!!!!!!!! tl;dr ===== [](#tldr) Scans for possible “shai hulud” attacks using an external source for list of possible attack strings (file or URL) via --list <path|url>. Scans recursively for package.json (excluding node\_modules) and checks: - Installed version in node\_modules - Requested spec in package.json (strips ^/~) - Lockfiles in the same project dir: package-lock.json, npm-shrinkwrap.json, yarn.lock (classic & berry), pnpm-lock.yaml Outputs TSV: STATUS PACKAGE@VERSION PATH. how to run ---------- [](#how-to-run) ### check first [](#check-first) - run `nano /tmp/processor.sh` to see if it exists - run `nano /tmp/migrate-repos.sh` to see if it exists - open: [https://github.com/search?q=Shai-Hulud+org%3APLACEHOLDER&type=repositories&s=updated&o=desc](https://github.com/search?q=Shai-Hulud+org%3APLACEHOLDER&type=repositories&s=updated&o=desc) (source: ) - open: [https://github.com/search?q=%22Shai-Hulud+Migration%22+org%3APLACEHOLDER&type=repositories&s=updated&o=desc](https://github.com/search?q=%22Shai-Hulud+Migration%22+org%3APLACEHOLDER&type=repositories&s=updated&o=desc) (source: ) ### run first (CAREFUL!!!!) [](#run-first-careful) ``` # clean npm cache npm cache clean --force # remove all existing node_modules folders changed since september sudo find / -type d -name 'node_modules' \ -exec bash -c ' if find "$1" -type f -newermt "2025-09-01" -quit | grep -q .; then rm -rf "$1" echo "Deleted: $1" fi ' _ {} \; ``` ### scan your computer [](#scan-your-computer) ``` # Ensure temp dir exists mkdir -p /var/www/tmp cd /var/www/tmp # Clone repository (remove old copy first) rm -rf scan-for-bad-npm-packages git clone https://github.com/sunnysideup/scan-for-bad-npm-packages.git scan-for-bad-npm-packages sudo bash scan-for-bad-npm-packages/run.sh ``` Ideally, you would run this on your whole machine. Also do ------- [](#also-do) Check your github account for any untoward changes. Also see -------- [](#also-see) - - - - ### Health Score 27 — LowBetter than 49% of packages Maintenance62 Regular maintenance activity Popularity0 Limited adoption so far Community6 Small or concentrated contributor base Maturity36 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 236d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/167154?v=4)[Sunny Side Up](/maintainers/sunnysideup)[@sunnysideup](https://github.com/sunnysideup) --- Top Contributors [![sunnysideup](https://avatars.githubusercontent.com/u/167154?v=4)](https://github.com/sunnysideup "sunnysideup (23 commits)") --- Tags securityvirusscanshai huluddodgy files ### Embed Badge ![Health badge](/badges/sunnysideup-scan-for-bad-npm-packages/health.svg) ``` [![Health](https://phpackages.com/badges/sunnysideup-scan-for-bad-npm-packages/health.svg)](https://phpackages.com/packages/sunnysideup-scan-for-bad-npm-packages) ``` ### Alternatives [phpseclib/phpseclib PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. 5.6k434.8M1.3k](/packages/phpseclib-phpseclib)[defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[spatie/laravel-csp Add CSP headers to the responses of a Laravel app 8519.6M19](/packages/spatie-laravel-csp) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)