Scans your computer for node modules that are potentially vulnerable to supply chain attacks. You still need to review the code of modules that are not vulnerable, but this helps.

RIAEvangelist/is-my-node-supply-chain-secure

is-my-node-supply-chain-secure

Holy crap... after scanning my own computer... I CAN NOT BELIEVE how many vulnerabilities there are. If we don't all start to lock our dependencies, the global economy and tech infrastructure could be tanked in a day or two through a self-replicating drive wipe which has a delay on self-activation. This IS SO DANGEROUS!

See if you are at risk by cloning this repo and running node index.js from the root of the cloned dir.

I was shocked. I will continue to add better reporting as I have time. I need to go walk my dog now, there is more to life than this, but if we don't treat this all with respect and start being security conscious when a war breaks out, it will be all of our faults that the global economy and tech sectors go DOWN like the Hindenburg.

Let's try to learn from the past, not repeat it.
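To make the call above to lock dependencies concrete, here is an added example (not code from this repository) that flags every dependency spec in a package.json-style manifest that can resolve to different code on a later install. The function names, the sample manifest and its package names are constructed, and "locked" is assumed to mean an exact version or a git URL pinned to a full commit hash.

```javascript
// Added example, not code from the is-my-node-supply-chain-secure repository.
// Assumption: "locked" = exact semver version, or a git URL ending in a 40-hex commit hash.
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];
const EXACT = /^v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const REMOTE = /^(git(\+\w+)?:|github:|https?:|[\w.-]+\/[\w.-]+(#|$))/;
const COMMIT_PINNED = /#[0-9a-f]{40}$/i;

function classifySpec(spec) {
  // Strip an "npm:alias@" prefix so the aliased version is what gets judged.
  const s = String(spec).trim().replace(/^npm:(@[^/]+\/)?[^@]+@/, '');
  if (EXACT.test(s)) return 'exact';
  if (REMOTE.test(s)) return COMMIT_PINNED.test(s) ? 'exact' : 'unpinned-remote';
  if (/^(file:|link:|workspace:)/.test(s)) return 'local';
  // "*", an empty spec, or a dist-tag such as "latest" follows whatever is published.
  if (s === '' || s === '*' || /^[a-z][\w-]*$/i.test(s)) return 'floating';
  return 'range'; // ^, ~, >=, 1.x, "a || b", hyphen ranges
}

function auditManifest(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = classifySpec(spec);
      if (kind !== 'exact' && kind !== 'local') findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest (hypothetical package names and versions).
const sampleManifest = {
  name: 'constructed-sample',
  dependencies: {
    'pkg-exact': '1.3.0',
    'pkg-caret': '^4.18.2',
    'pkg-tilde': '~4.17.21',
    'pkg-tag': 'latest',
    'pkg-fork': 'github:example/pkg-fork',
    'pkg-pinned-fork':
      'git+https://example.invalid/org/repo.git#0123456789abcdef0123456789abcdef01234567'
  },
  devDependencies: { 'pkg-dev': '>=10.0.0', 'pkg-local': 'file:../tool' }
};

for (const f of auditManifest(sampleManifest)) {
  console.log(`${f.section}: ${f.name}@${f.spec} -> ${f.kind}`);
}
```

Exact pins in package.json only cover direct dependencies; transitive ones are fixed by committing the lockfile and installing with npm ci.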
