Shai-Hulud / Sha1-Hulud - how can I tell whether my NR is affected

Hi There,

Is there any test to check whether my NR installation has been affected by this attack?

I was reading the GitLab write-up but it doesn't clearly state how to detect an infection.

Is there some simple shell command that locates affected packages in my NR installation?

cheers!

Is this clip related?

Or this one?

Is that shell command in either of those clips?

AFAIK they are just YouTube clips talking of the latest NPM problem.

OK, the GitLab write-up describes some indicators:

Indicators of compromise

To aid in detection and response, here is a more comprehensive list of the key indicators of compromise (IoCs) identified during our analysis.

| Type | Indicator | Description |
| --- | --- | --- |
| file | `bun_environment.js` | Malicious post-install script in node_modules directories |
| directory | `.truffler-cache/` | Hidden directory created in user home for Trufflehog binary storage |
| directory | `.truffler-cache/extract/` | Temporary directory used for binary extraction |
| file | `.truffler-cache/trufflehog` | Downloaded Trufflehog binary (Linux/Mac) |
| file | `.truffler-cache/trufflehog.exe` | Downloaded Trufflehog binary (Windows) |
| process | `del /F /Q /S "%USERPROFILE%*"` | Windows destructive payload command |
| process | `shred -uvz -n 1` | Linux/Mac destructive payload command |
| process | `cipher /W:%USERPROFILE%` | Windows secure deletion command in payload |
| command | `curl -fsSL https://bun.sh/install \| bash` | Suspicious Bun installation during NPM package install |
| command | `powershell -c "irm bun.sh/install.ps1\|iex"` | Windows Bun installation via PowerShell |
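
A shell check for the file and directory indicators in the table above, as an added example that is not part of the thread or of GitLab's write-up. It assumes Node-RED's default user directory `~/.node-red`, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread or the GitLab write-up).
# Checks only the file and directory indicators listed in the table above.
# Assumption: Node-RED's user directory is the default ~/.node-red.

# List every bun_environment.js that sits inside a node_modules tree under $1.
find_bun_environment() {
    [ -d "$1" ] || return 0
    find "$1" -type f -name 'bun_environment.js' \
        -path '*/node_modules/*' 2>/dev/null || true
}

# List the .truffler-cache paths from the table that exist in home directory $1.
find_truffler_cache() {
    for p in "$1/.truffler-cache" "$1/.truffler-cache/extract" \
             "$1/.truffler-cache/trufflehog" "$1/.truffler-cache/trufflehog.exe"; do
        if [ -e "$p" ]; then printf '%s\n' "$p"; fi
    done
}

# Print all hits, one per line; return 1 if any indicator exists, 0 if none.
# $1 = directory holding node_modules, $2 = home directory to inspect.
scan_iocs() {
    hits=$(find_bun_environment "$1"; find_truffler_cache "$2")
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits" | sed 's/^/IOC: /'
    return 1
}

# Usage: sh scan.sh <node-red-dir> [home-dir]; runs only when given a directory.
if [ "$#" -gt 0 ]; then
    scan_iocs "$1" "${2:-$HOME}"
fi
```

Run it as `sh scan.sh ~/.node-red`; a non-zero exit status means at least one indicator was found. The process and command indicators in the table are not covered, so an empty result does not prove the installation is clean.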