Scanning script to find infected @3.7.2 installations (#39)

[brownstein]

#39 is locked, but I'd like to contribute a quick gist we wrote to find compromised local installs. Is there a way we can get https://gist.github.com/brownstein/8aaade4953807f512d416da0c6a5a5f6 into the comments for said issue to help effected developers identify whether or not they are compromised?

If so, please merge into the main thread and remove this issue. Thanks!

[khromov]

Here's a quick and dirty guide to find if you have the infected package:

First make sure the locate command database is updated:

OSX

sudo /usr/libexec/locate.updatedb # Update locate command

Most Linux flavors

updatedb

Now look for the package on your machine:

locate eslint-scope

Under each eslint-scope folder, check for eslint-scope/package.json, make sure that "version": "3.7.2" does not appear in the file:

cat <your-path>/eslint-scope/package.json | grep version

[ceceshao1]

One of our full-stack developers also wrote out a script to conduct a check: https://medium.com/comet-ml/detect-eslint-malicious-packages-infection-8a9110080a24

[not-an-aardvark]

Thanks for the scripts. Closing this issue since the issue was linked here: #39 (comment)