==========================================
  NPM / Node.js Security Check
==========================================
Hostname : sys-apps
Date     : Fri Apr 17 09:26:55 PM UTC 2026
Log file : npm_security_check_sys-apps_20260417_212655.log

==========================================
1. Global npm packages
==========================================
@anthropic-ai/claude-code@2.1.113
✓ No suspicious global packages

==========================================
2. Malicious package names in lock files
==========================================
Scanning 1 lock file(s)...
✓ No known-malicious package names found

==========================================
3. Running Node/Next.js processes
==========================================
root        1915  0.0  0.0    860   508 ?        Ss   Apr05   0:35 /sbin/tini -- node index.js
root        2398  0.0  0.2 690020 17320 ?        Sl   Apr05   0:03 node index.js
root        4650  0.0  0.3 1293252 28116 ?       Sl   Apr05   8:52 node /app/server.js
root      610442  0.0  0.0   2144  1160 ?        Ss   Apr16   0:00 /usr/bin/dumb-init -- extra/entrypoint.sh node server/server.js
root      610539  0.5  1.8 11511400 152768 ?     Ssl  Apr16   7:36 node server/server.js
pdm      1369218  0.0  4.2 27768236 342100 ?     Ssl  Apr05  17:08 node /usr/bin/n8n
pdm      1369306  0.0  1.2 9936264 98068 ?       Sl   Apr05  11:03 node --disallow-code-generation-from-strings --disable-proto=delete /usr/lib/node_modules/n8n/node_modules/@n8n/task-runner/dist/start.js
pdm      2793084  0.0  0.0   7340  3752 pts/0    S+   21:26   0:00 bash npm-security-check.sh
pdm      2793842  0.0  0.0   7340  1920 pts/0    S+   21:27   0:00 bash npm-security-check.sh
✓ PID 1915 runs as root but is inside a Docker container (normal)
✓ PID 2398 runs as root but is inside a Docker container (normal)
✓ PID 4650 runs as root but is inside a Docker container (normal)
✓ PID 610442 runs as root but is inside a Docker container (normal)
✓ PID 610539 runs as root but is inside a Docker container (normal)

==========================================
4. Node process network connections
==========================================
✓ No established TCP connections from node processes

==========================================
5. Known C2 / malware indicators
==========================================
✓ No connections to known C2 infrastructure

==========================================
6. Suspicious process names
==========================================
✓ No suspicious process names

==========================================
7. Suspicious files in /tmp and /dev/shm
==========================================
✓ Temp directory scan complete

==========================================
8. npm configuration
==========================================
prefix=~/.npm-global
✓ .npmrc uses official registry

==========================================
9. Docker containers
==========================================
NAMES                       IMAGE                                                     STATUS
igotify                     ghcr.io/androidseb25/igotify-notification-assist:latest   Up 23 hours
gotify                      gotify/server                                             Up 23 hours (healthy)
uptime-kuma                 louislam/uptime-kuma:latest                               Up 23 hours (healthy)
Shlink-Web                  shlinkio/shlink-web-client:3.10.1                         Up 23 hours
Shlink                      shlinkio/shlink:stable                                    Up 23 hours
Shlink-DB                   postgres:17                                               Up 23 hours
heimdall                    lscr.io/linuxserver/heimdall:latest                       Up 23 hours
mermaid                     ghcr.io/mermaid-js/mermaid-live-editor                    Up 5 days
netbox-netbox-worker-1      netboxcommunity/netbox:v4.4-3.4.1                         Up 12 days (healthy)
netbox-netbox-1             netboxcommunity/netbox:v4.4-3.4.1                         Up 12 days (healthy)
netbox-postgres-1           postgres:17-alpine                                        Up 12 days (healthy)
netbox-redis-1              valkey/valkey:8.1-alpine                                  Up 12 days (healthy)
netbox-redis-cache-1        valkey/valkey:8.1-alpine                                  Up 12 days (healthy)
task_server-tasks-1         task_server-tasks                                         Up 12 days
task_server-database-1      postgres:16                                               Up 12 days
flash_server-flashcards-1   flash_server-flashcards                                   Up 12 days
flash_server-database-1     postgres:16                                               Up 12 days
mosquitto                   eclipse-mosquitto:latest                                  Up 12 days
nebula-sync                 ghcr.io/lovelaze/nebula-sync:latest                       Up 12 days (healthy)
zigbee2mqtt                 ghcr.io/koenkk/zigbee2mqtt                                Up 12 days
portainer                   portainer/portainer-ce:latest                             Up 12 days
homarr                      ghcr.io/ajnart/homarr:latest                              Up 12 days (healthy)
✓ All containers use named images

==========================================
10. Bash history — suspicious patterns
==========================================
✓ No obviously suspicious history entries

==========================================
SUMMARY
==========================================
Scan completed at: Fri Apr 17 09:27:19 PM UTC 2026
Results saved to : npm_security_check_sys-apps_20260417_212655.log

✓ All checks passed — no indicators of compromise