DiegoFleitas · March 31, 2026 21:10 · DiegoFleitas · Mar 31, 2026
diff --git a/check-axios-compromise.sh b/check-axios-compromise.sh
 #!/usr/bin/env bash
 set -euo pipefail

 bad=0

 echo "== lockfiles =="
 find . -type f \( -name "package-lock.json" -o -name "pnpm-lock.yaml" -o -name "yarn.lock" -o -name "bun.lockb" \) -print0 |
 while IFS= read -r -d '' f; do
  if [[ "$f" == *.lockb ]]; then
    if strings "$f" | grep -E 'axios@1\.14\.1|axios@0\.30\.4|plain-crypto-js@4\.2\.1' >/dev/null; then
      echo "suspicious lockfile: $f"
      bad=1
    fi
  else
    if grep -E 'axios(@|":\s*")[^[:digit:]]*1\.14\.1|axios(@|":\s*")[^[:digit:]]*0\.30\.4|plain-crypto-js([^[:digit:]]|@)4\.2\.1' "$f" >/dev/null; then
      echo "suspicious lockfile: $f"
      bad=1
    fi
  fi
 done

 echo "== node_modules =="
 if [ -d node_modules ]; then
  grep -R "plain-crypto-js" node_modules >/dev/null 2>&1 && { echo "found plain-crypto-js in node_modules"; bad=1; }
 fi

 echo "== host artifacts =="
 [ -e /tmp/ld.py ] && { echo "found /tmp/ld.py"; bad=1; }
 [ -e /Library/Caches/com.apple.act.mond ] && { echo "found /Library/Caches/com.apple.act.mond"; bad=1; }

 if command -v pwsh >/dev/null 2>&1; then
  pwsh -NoProfile -Command 'if (Test-Path "$env:PROGRAMDATA\wt.exe") { exit 10 } else { exit 0 }' \
    && true || { rc=$?; [ "$rc" = "10" ] && echo 'found %PROGRAMDATA%\wt.exe' && bad=1; }
 fi

 echo "== git history =="
 git rev-list --all 2>/dev/null | while read -r rev; do
  for f in package-lock.json pnpm-lock.yaml yarn.lock bun.lockb; do
    if git cat-file -e "${rev}:${f}" 2>/dev/null; then
      if [[ "$f" == "bun.lockb" ]]; then
        git show "${rev}:${f}" | strings | grep -E 'axios@1\.14\.1|axios@0\.30\.4|plain-crypto-js@4\.2\.1' >/dev/null \
          && { echo "historical hit: $rev $f"; bad=1; }
      else
        git show "${rev}:${f}" | grep -E 'axios(@|":\s*")[^[:digit:]]*1\.14\.1|axios(@|":\s*")[^[:digit:]]*0\.30\.4|plain-crypto-js([^[:digit:]]|@)4\.2\.1' >/dev/null \
          && { echo "historical hit: $rev $f"; bad=1; }
      fi
    fi
  done
 done

 if [ "${bad}" -eq 0 ]; then
  echo "no known indicators found"
 else
  echo "known indicators found; rotate secrets and rebuild from clean state"
  exit 1
 fi
	#!/usr/bin/env bash
	set -euo pipefail

	bad=0

	echo "== lockfiles =="
	find . -type f \( -name "package-lock.json" -o -name "pnpm-lock.yaml" -o -name "yarn.lock" -o -name "bun.lockb" \) -print0 \|
	while IFS= read -r -d '' f; do
	if [[ "$f" == *.lockb ]]; then
	if strings "$f" \| grep -E 'axios@1\.14\.1\|axios@0\.30\.4\|plain-crypto-js@4\.2\.1' >/dev/null; then
	echo "suspicious lockfile: $f"
	bad=1
	fi
	else
	if grep -E 'axios(@\|":\s")[^[:digit:]]1\.14\.1\|axios(@\|":\s")[^[:digit:]]0\.30\.4\|plain-crypto-js([^[:digit:]]\|@)4\.2\.1' "$f" >/dev/null; then
	echo "suspicious lockfile: $f"
	bad=1
	fi
	fi
	done

	echo "== node_modules =="
	if [ -d node_modules ]; then
	grep -R "plain-crypto-js" node_modules >/dev/null 2>&1 && { echo "found plain-crypto-js in node_modules"; bad=1; }
	fi

	echo "== host artifacts =="
	[ -e /tmp/ld.py ] && { echo "found /tmp/ld.py"; bad=1; }
	[ -e /Library/Caches/com.apple.act.mond ] && { echo "found /Library/Caches/com.apple.act.mond"; bad=1; }

	if command -v pwsh >/dev/null 2>&1; then
	pwsh -NoProfile -Command 'if (Test-Path "$env:PROGRAMDATA\wt.exe") { exit 10 } else { exit 0 }' \
	&& true \|\| { rc=$?; [ "$rc" = "10" ] && echo 'found %PROGRAMDATA%\wt.exe' && bad=1; }
	fi

	echo "== git history =="
	git rev-list --all 2>/dev/null \| while read -r rev; do
	for f in package-lock.json pnpm-lock.yaml yarn.lock bun.lockb; do
	if git cat-file -e "${rev}:${f}" 2>/dev/null; then
	if [[ "$f" == "bun.lockb" ]]; then
	git show "${rev}:${f}" \| strings \| grep -E 'axios@1\.14\.1\|axios@0\.30\.4\|plain-crypto-js@4\.2\.1' >/dev/null \
	&& { echo "historical hit: $rev $f"; bad=1; }
	else
	git show "${rev}:${f}" \| grep -E 'axios(@\|":\s")[^[:digit:]]1\.14\.1\|axios(@\|":\s")[^[:digit:]]0\.30\.4\|plain-crypto-js([^[:digit:]]\|@)4\.2\.1' >/dev/null \
	&& { echo "historical hit: $rev $f"; bad=1; }
	fi
	fi
	done
	done

	if [ "${bad}" -eq 0 ]; then
	echo "no known indicators found"
	else
	echo "known indicators found; rotate secrets and rebuild from clean state"
	exit 1
	fi
No results found