This CLI tool scans your npm dependencies for vulnerable packages from this list: S1ngularity/nx attackers strike again
gorlug/recursive-npm-vulnerability-check
Recursive NPM vulnerability scanner

This CLI tool scans your npm dependencies for known vulnerable packages, including:

  1. S1ngularity/nx supply chain attack - 182 malicious packages

  2. React Server Components RCE vulnerability - Critical remote code execution

    • CVE: Critical security vulnerability in React Server Components
    • Source: React Official Security Advisory
    • Affected packages: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack (versions 19.0.0 through 19.2.0)

By default, it walks every directory under your local ~/git folder, looks for package.json and lock files, and checks the package versions recorded there against the list above.
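To make the scanning step concrete, here is an added example that is not the project's own code: a small Go program (the README does not state the tool's language; Go is an assumption based on the cross-compilation build script) that walks a directory tree, reads every package.json and package-lock.json, and reports packages whose version falls inside a known-bad range. The React Server Components package names and the 19.0.0 through 19.2.0 range come from the page; the `example-malicious-pkg` entry is a constructed placeholder standing in for the nx package list, and the lock-file parsing assumes the npm v2/v3 `packages` map.

```go
// Added example, not the project's own code. Assumes a Go toolchain and
// npm lockfile v2/v3 ("packages" map). Denylist entries are illustrative.
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"strconv"
	"strings"
)

// Finding is one flagged package in one manifest file.
type Finding struct{ File, Package, Version, Reason string }

// badRange marks versions Min..Max (inclusive) as vulnerable; "" means unbounded.
type badRange struct{ Min, Max, Reason string }

// React entries come from the advisory cited on the page; the last entry is a
// constructed placeholder standing in for the S1ngularity/nx package list.
var denylist = map[string]badRange{
	"react-server-dom-webpack":   {"19.0.0", "19.2.0", "React Server Components RCE"},
	"react-server-dom-parcel":    {"19.0.0", "19.2.0", "React Server Components RCE"},
	"react-server-dom-turbopack": {"19.0.0", "19.2.0", "React Server Components RCE"},
	"example-malicious-pkg":      {"", "", "S1ngularity/nx list (placeholder)"},
}

// parseVer reads "19.1.0", "^19.1.0" or "v19.1.0-rc.1" into [major, minor, patch].
func parseVer(s string) ([3]int, bool) {
	var v [3]int
	s = strings.TrimLeft(s, "^~=v>")
	parts := strings.SplitN(strings.SplitN(s, "-", 2)[0], ".", 3)
	if len(parts) != 3 {
		return v, false
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return v, false
		}
		v[i] = n
	}
	return v, true
}

func cmpVer(a, b [3]int) int {
	for i := range a {
		if a[i] < b[i] {
			return -1
		} else if a[i] > b[i] {
			return 1
		}
	}
	return 0
}

// IsVulnerable reports whether pkg@version is on the denylist. A listed package
// whose version cannot be parsed (git URL, dist-tag) is flagged for manual review.
func IsVulnerable(pkg, version string) (string, bool) {
	r, listed := denylist[pkg]
	if !listed {
		return "", false
	}
	v, ok := parseVer(version)
	if !ok {
		return r.Reason + " (unparsable version)", true
	}
	if lo, ok := parseVer(r.Min); ok && cmpVer(v, lo) < 0 {
		return "", false
	}
	if hi, ok := parseVer(r.Max); ok && cmpVer(v, hi) > 0 {
		return "", false
	}
	return r.Reason, true
}

type pkgJSON struct {
	Dependencies    map[string]string `json:"dependencies"`
	DevDependencies map[string]string `json:"devDependencies"`
}
type lockJSON struct {
	Packages map[string]struct{ Version string } `json:"packages"` // keys: "node_modules/a/node_modules/b"
}

// CheckFile parses one manifest. package.json is checked on the declared range's
// lower bound (a heuristic); the lock file holds the resolved, installed version.
func CheckFile(path string) ([]Finding, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	var out []Finding
	add := func(pkg, ver string) {
		if reason, bad := IsVulnerable(pkg, ver); bad {
			out = append(out, Finding{path, pkg, ver, reason})
		}
	}
	if filepath.Base(path) == "package-lock.json" {
		var l lockJSON
		if err := json.Unmarshal(data, &l); err != nil {
			return nil, fmt.Errorf("%s: %w", path, err)
		}
		for key, p := range l.Packages {
			if i := strings.LastIndex(key, "node_modules/"); i >= 0 {
				add(key[i+len("node_modules/"):], p.Version)
			}
		}
		return out, nil
	}
	var pj pkgJSON
	if err := json.Unmarshal(data, &pj); err != nil {
		return nil, fmt.Errorf("%s: %w", path, err)
	}
	for _, deps := range []map[string]string{pj.Dependencies, pj.DevDependencies} {
		for pkg, ver := range deps {
			add(pkg, ver)
		}
	}
	return out, nil
}

// ScanDir walks root recursively (skipping node_modules and .git, which the lock
// file already covers) and checks every package.json and package-lock.json.
func ScanDir(root string) ([]Finding, error) {
	var all []Finding
	err := filepath.WalkDir(root, func(path string, d os.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() && (d.Name() == "node_modules" || d.Name() == ".git") {
			return filepath.SkipDir
		}
		if n := d.Name(); n == "package.json" || n == "package-lock.json" {
			f, err := CheckFile(path)
			if err != nil {
				return err
			}
			all = append(all, f...)
		}
		return nil
	})
	sort.Slice(all, func(i, j int) bool { return all[i].File+all[i].Package < all[j].File+all[j].Package })
	return all, err
}

func main() {
	dir := "."
	if len(os.Args) > 1 {
		dir = os.Args[1]
	}
	findings, err := ScanDir(dir)
	if err != nil {
		fmt.Fprintln(os.Stderr, "scan error:", err)
		os.Exit(2)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s@%s (%s)\n", f.File, f.Package, f.Version, f.Reason)
	}
	if len(findings) > 0 {
		os.Exit(1) // non-zero so CI jobs fail on a hit
	}
}
```

Run it as `go run main.go /path/to/projects`. Two design points worth noting: the lock file, not package.json, is what tells you which version is actually installed, so treat package.json hits as a prompt to check the lock file; and a listed package with a version string the scanner cannot parse (a git URL or dist-tag) is reported rather than silently ignored, since the safe default for a denylist check is to surface what it cannot prove clean.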

Usage

# Scan the default ~/git directory
./npm-check

# Scan a specific directory
./npm-check -dir /path/to/your/projects

# Scan current directory (shorthand)
./npm-check -d .

# Show help
./npm-check -h

Building

This project includes build scripts for cross-compilation to all major platforms and architectures.

Using the Build Script (Unix/Linux/macOS)

# Make the script executable (first time only)
chmod +x build.sh

# Build for all platforms
./build.sh

# Build with a specific version
VERSION=v1.0.0 ./build.sh
