Skip to content

js-kyle/npm-viewscripts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cli.js
cli.js
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation


npm-viewscripts

Identify potentially malicious npm scripts in a project.

GitHub NPM

Overview

This project is a Node.js CLI tool to identify which of a project's existing dependencies are utilising npm lifecycle scripts, which could be malicious.

The currently configured npm scripts the tool will identify are: preinstall, postintall, preuninstall, postuninstall

Note: This project is to educate, so should not be used as a complete npm security solution.

Installation

# install globally, using npm $ npm install npm-viewscripts -g # Run the cli on a project $ cd my-node-project $ npm install $ npm-viewscripts

Usage

$ npm-viewscripts Usage $ npm-viewscripts [path] Options path Modules folder [Default: node_modules]

Understanding the result

Positive report example:

Potentially unsafe scripts found. These should be reviewed for safety Module name: monorepo-symlink-test Type: postinstall

The above output informs us that the monorepo-symlink-test is running a postinstall script, so we should review that, and ensure that it is safe.

Negative report example:

No potentially unsafe scripts found.

No modules in the project are currently using scripts which could be used maliciously.

About

Identify potentially malicious npm scripts in a project.

www.npmjs.com/package/npm-viewscripts

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages