sdc-check


Small Tool to Inform You About Potential Risks in Your Project Dependencies

This small tool helps you identify potential risks in your project dependencies list:

- Lock file is not safe (lockfile-is-not-safe): During development, a malicious actor could alter URLs in a lock file to point to packages containing malicious code. This is particularly dangerous because it can be difficult to detect during a pull request review.
- The newest package version is too new (package-is-too-new): A recently released version of a package might have vulnerabilities. It might be safer to wait X days before upgrading to the new version and allow the community to test it.
- Installation Script (install-scripts): An attacker can exploit installation scripts to execute commands that carry out malicious actions during the package installation process.
- Obfuscated Code (obfuscated-code): A package may contain obfuscated code, which could indicate an attempt to conceal potentially harmful code.
- A Package Has OS Scripts (has-os-scripts): An attacker can utilize .bat/.sh scripts to perform malicious activities, such as downloading and launching mining applications, among other actions.
- A Package Script Has Shell Commands (dangerous-shell-commands): The package script might include potentially harmful shell commands that can execute malicious actions (e.g., curl, wget, chmod, cacls, etc).
- The Newest Package Version Is Released After
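The lock file and install-script risks listed above can be checked mechanically in review or CI. The following is an added example, not sdc-check's own code: it audits the `packages` map of an npm `package-lock.json` (lockfileVersion 2/3), assuming only `registry.npmjs.org` is a trusted host. The function name `auditLockfile`, the rule names, and the sample lock file are constructed for illustration.

```javascript
// Added example: audit the "packages" map of an npm package-lock.json (v2/v3).
// Assumption: only the public npm registry is a trusted tarball host.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]);

function auditLockfile(lock, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // root project and workspace links
    const name = entry.name || path.split("node_modules/").pop();
    const flag = (rule, detail) => findings.push({ name, rule, detail });
    if (entry.hasInstallScript) flag("install-script", "runs scripts at install time");
    if (!entry.resolved) continue; // bundled dependencies carry no URL
    let url, pathname;
    try {
      url = new URL(entry.resolved);
      pathname = decodeURIComponent(url.pathname);
    } catch {
      flag("unparseable-url", entry.resolved);
      continue;
    }
    if (url.protocol !== "https:") flag("insecure-protocol", url.protocol);
    if (!allowedHosts.has(url.hostname)) flag("untrusted-host", url.hostname);
    // Registry tarballs live at /<name>/-/<file>.tgz; another path means a different package.
    if (!pathname.startsWith(`/${name}/-/`)) flag("name-mismatch", pathname);
    if (!entry.integrity) flag("missing-integrity", "no hash to verify the tarball");
  }
  return findings;
}

// Constructed sample lock file: one clean entry and two tampered ones.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-pad": {
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER==",
    },
    "node_modules/@demo/util": {
      resolved: "https://registry.npmjs.org.example.net/@demo/util/-/util-2.0.0.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER==",
    },
    "node_modules/color-lib": {
      resolved: "https://registry.npmjs.org/other-pkg/-/other-pkg-4.1.0.tgz",
      hasInstallScript: true,
    },
  },
};
console.log(auditLockfile(SAMPLE_LOCK));
```

The look-alike host in the second entry is the kind of change that is easy to miss in a pull request diff, which is why an exact hostname comparison is used rather than a prefix or substring match.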