npm config checker

npm-security-check-cron.log

@@ -0,0 +1,104 @@
+==========================================
+  NPM / Node.js Security Check
+==========================================
+Hostname : sys-apps
+Date     : Sat Apr 18 08:00:01 AM UTC 2026
+Log file : npm_security_check_sys-apps_20260418_080001.log
+
+==========================================
+1. Global npm packages
+==========================================
+@anthropic-ai/claude-code@2.1.113
+✓ No suspicious global packages
+
+==========================================
+2. Malicious package names in lock files
+==========================================
+Scanning 1 lock file(s)...
+✓ No known-malicious package names found
+
+==========================================
+3. Running Node/Next.js processes
+==========================================
+root        1915  0.0  0.0    860   508 ?        Ss   Apr05   0:36 /sbin/tini -- node index.js
+root        2398  0.0  0.2 690020 17264 ?        Sl   Apr05   0:03 node index.js
+root        4650  0.0  0.3 1288132 25096 ?       Sl   Apr05   9:02 node /app/server.js
+root      610442  0.0  0.0   2144  1160 ?        Ss   Apr16   0:00 /usr/bin/dumb-init -- extra/entrypoint.sh node server/server.js
+root      610539  0.5  1.8 11512020 154144 ?     Ssl  Apr16  10:24 node server/server.js
+pdm      1369218  0.0  4.1 27772588 336188 ?     Ssl  Apr05  17:29 node /usr/bin/n8n
+pdm      1369306  0.0  1.1 9936264 96216 ?       Sl   Apr05  11:18 node --disallow-code-generation-from-strings --disable-proto=delete /usr/lib/node_modules/n8n/node_modules/@n8n/task-runner/dist/start.js
+pdm      3861265  0.0  0.0   2800  1856 ?        Ss   08:00   0:00 /bin/sh -c /home/pdm/security-tools/npm-security-check.sh >> /home/pdm/security-tools/npm-security-check-cron.log 2>&1
+pdm      3861266  0.0  0.0   7340  3732 ?        S    08:00   0:00 bash /home/pdm/security-tools/npm-security-check.sh
+pdm      3864276  0.0  0.0   7340  1912 ?        S    08:01   0:00 bash /home/pdm/security-tools/npm-security-check.sh
+✓ PID 1915 runs as root but is inside a Docker container (normal)
+✓ PID 2398 runs as root but is inside a Docker container (normal)
+✓ PID 4650 runs as root but is inside a Docker container (normal)
+✓ PID 610442 runs as root but is inside a Docker container (normal)
+✓ PID 610539 runs as root but is inside a Docker container (normal)
+
+==========================================
+4. Node process network connections
+==========================================
+✓ No established TCP connections from node processes
+
+==========================================
+5. Known C2 / malware indicators
+==========================================
+✓ No connections to known C2 infrastructure
+
+==========================================
+6. Suspicious process names
+==========================================
+✓ No suspicious process names
+
+==========================================
+7. Suspicious files in /tmp and /dev/shm
+==========================================
+✓ Temp directory scan complete
+
+==========================================
+8. npm configuration
+==========================================
+prefix=~/.npm-global
+✓ .npmrc uses official registry
+
+==========================================
+9. Docker containers
+==========================================
+NAMES                       IMAGE                                                     STATUS
+igotify                     ghcr.io/androidseb25/igotify-notification-assist:latest   Up 34 hours
+gotify                      gotify/server                                             Up 34 hours (healthy)
+uptime-kuma                 louislam/uptime-kuma:latest                               Up 34 hours (healthy)
+Shlink-Web                  shlinkio/shlink-web-client:3.10.1                         Up 34 hours
+Shlink                      shlinkio/shlink:stable                                    Up 34 hours
+Shlink-DB                   postgres:17                                               Up 34 hours
+heimdall                    lscr.io/linuxserver/heimdall:latest                       Up 34 hours
+mermaid                     ghcr.io/mermaid-js/mermaid-live-editor                    Up 6 days
+netbox-netbox-worker-1      netboxcommunity/netbox:v4.4-3.4.1                         Up 13 days (healthy)
+netbox-netbox-1             netboxcommunity/netbox:v4.4-3.4.1                         Up 13 days (healthy)
+netbox-postgres-1           postgres:17-alpine                                        Up 13 days (healthy)
+netbox-redis-1              valkey/valkey:8.1-alpine                                  Up 13 days (healthy)
+netbox-redis-cache-1        valkey/valkey:8.1-alpine                                  Up 13 days (healthy)
+task_server-tasks-1         task_server-tasks                                         Up 13 days
+task_server-database-1      postgres:16                                               Up 13 days
+flash_server-flashcards-1   flash_server-flashcards                                   Up 13 days
+flash_server-database-1     postgres:16                                               Up 13 days
+mosquitto                   eclipse-mosquitto:latest                                  Up 13 days
+nebula-sync                 ghcr.io/lovelaze/nebula-sync:latest                       Up 13 days (healthy)
+zigbee2mqtt                 ghcr.io/koenkk/zigbee2mqtt                                Up 13 days
+portainer                   portainer/portainer-ce:latest                             Up 13 days
+homarr                      ghcr.io/ajnart/homarr:latest                              Up 13 days (healthy)
+✓ All containers use named images
+
+==========================================
+10. Bash history — suspicious patterns
+==========================================
+✓ No obviously suspicious history entries
+
+==========================================
+SUMMARY
+==========================================
+Scan completed at: Sat Apr 18 08:01:50 AM UTC 2026
+Results saved to : npm_security_check_sys-apps_20260418_080001.log
+
+✓ All checks passed — no indicators of compromise