6.0 KiB
6.0 KiB
==========================================
NPM / Node.js Security Check
==========================================
Hostname : sys-apps
Date : Sat Apr 18 08:00:01 AM UTC 2026
Log file : npm_security_check_sys-apps_20260418_080001.log
==========================================
1. Global npm packages
==========================================
@anthropic-ai/claude-code@2.1.113
✓ No suspicious global packages
==========================================
2. Malicious package names in lock files
==========================================
Scanning 1 lock file(s)...
✓ No known-malicious package names found
==========================================
3. Running Node/Next.js processes
==========================================
root 1915 0.0 0.0 860 508 ? Ss Apr05 0:36 /sbin/tini -- node index.js
root 2398 0.0 0.2 690020 17264 ? Sl Apr05 0:03 node index.js
root 4650 0.0 0.3 1288132 25096 ? Sl Apr05 9:02 node /app/server.js
root 610442 0.0 0.0 2144 1160 ? Ss Apr16 0:00 /usr/bin/dumb-init -- extra/entrypoint.sh node server/server.js
root 610539 0.5 1.8 11512020 154144 ? Ssl Apr16 10:24 node server/server.js
pdm 1369218 0.0 4.1 27772588 336188 ? Ssl Apr05 17:29 node /usr/bin/n8n
pdm 1369306 0.0 1.1 9936264 96216 ? Sl Apr05 11:18 node --disallow-code-generation-from-strings --disable-proto=delete /usr/lib/node_modules/n8n/node_modules/@n8n/task-runner/dist/start.js
pdm 3861265 0.0 0.0 2800 1856 ? Ss 08:00 0:00 /bin/sh -c /home/pdm/security-tools/npm-security-check.sh >> /home/pdm/security-tools/npm-security-check-cron.log 2>&1
pdm 3861266 0.0 0.0 7340 3732 ? S 08:00 0:00 bash /home/pdm/security-tools/npm-security-check.sh
pdm 3864276 0.0 0.0 7340 1912 ? S 08:01 0:00 bash /home/pdm/security-tools/npm-security-check.sh
✓ PID 1915 runs as root but is inside a Docker container (normal)
✓ PID 2398 runs as root but is inside a Docker container (normal)
✓ PID 4650 runs as root but is inside a Docker container (normal)
✓ PID 610442 runs as root but is inside a Docker container (normal)
✓ PID 610539 runs as root but is inside a Docker container (normal)
==========================================
4. Node process network connections
==========================================
✓ No established TCP connections from node processes
==========================================
5. Known C2 / malware indicators
==========================================
✓ No connections to known C2 infrastructure
==========================================
6. Suspicious process names
==========================================
✓ No suspicious process names
==========================================
7. Suspicious files in /tmp and /dev/shm
==========================================
✓ Temp directory scan complete
==========================================
8. npm configuration
==========================================
prefix=~/.npm-global
✓ .npmrc uses official registry
==========================================
9. Docker containers
==========================================
NAMES IMAGE STATUS
igotify ghcr.io/androidseb25/igotify-notification-assist:latest Up 34 hours
gotify gotify/server Up 34 hours (healthy)
uptime-kuma louislam/uptime-kuma:latest Up 34 hours (healthy)
Shlink-Web shlinkio/shlink-web-client:3.10.1 Up 34 hours
Shlink shlinkio/shlink:stable Up 34 hours
Shlink-DB postgres:17 Up 34 hours
heimdall lscr.io/linuxserver/heimdall:latest Up 34 hours
mermaid ghcr.io/mermaid-js/mermaid-live-editor Up 6 days
netbox-netbox-worker-1 netboxcommunity/netbox:v4.4-3.4.1 Up 13 days (healthy)
netbox-netbox-1 netboxcommunity/netbox:v4.4-3.4.1 Up 13 days (healthy)
netbox-postgres-1 postgres:17-alpine Up 13 days (healthy)
netbox-redis-1 valkey/valkey:8.1-alpine Up 13 days (healthy)
netbox-redis-cache-1 valkey/valkey:8.1-alpine Up 13 days (healthy)
task_server-tasks-1 task_server-tasks Up 13 days
task_server-database-1 postgres:16 Up 13 days
flash_server-flashcards-1 flash_server-flashcards Up 13 days
flash_server-database-1 postgres:16 Up 13 days
mosquitto eclipse-mosquitto:latest Up 13 days
nebula-sync ghcr.io/lovelaze/nebula-sync:latest Up 13 days (healthy)
zigbee2mqtt ghcr.io/koenkk/zigbee2mqtt Up 13 days
portainer portainer/portainer-ce:latest Up 13 days
homarr ghcr.io/ajnart/homarr:latest Up 13 days (healthy)
✓ All containers use named images
==========================================
10. Bash history — suspicious patterns
==========================================
✓ No obviously suspicious history entries
==========================================
SUMMARY
==========================================
Scan completed at: Sat Apr 18 08:01:50 AM UTC 2026
Results saved to : npm_security_check_sys-apps_20260418_080001.log
✓ All checks passed — no indicators of compromise
NPM / Node.js Security Check
==========================================
Hostname : sys-apps
Date : Sat Apr 18 08:00:01 AM UTC 2026
Log file : npm_security_check_sys-apps_20260418_080001.log
==========================================
1. Global npm packages
==========================================
@anthropic-ai/claude-code@2.1.113
✓ No suspicious global packages
==========================================
2. Malicious package names in lock files
==========================================
Scanning 1 lock file(s)...
✓ No known-malicious package names found
==========================================
3. Running Node/Next.js processes
==========================================
root 1915 0.0 0.0 860 508 ? Ss Apr05 0:36 /sbin/tini -- node index.js
root 2398 0.0 0.2 690020 17264 ? Sl Apr05 0:03 node index.js
root 4650 0.0 0.3 1288132 25096 ? Sl Apr05 9:02 node /app/server.js
root 610442 0.0 0.0 2144 1160 ? Ss Apr16 0:00 /usr/bin/dumb-init -- extra/entrypoint.sh node server/server.js
root 610539 0.5 1.8 11512020 154144 ? Ssl Apr16 10:24 node server/server.js
pdm 1369218 0.0 4.1 27772588 336188 ? Ssl Apr05 17:29 node /usr/bin/n8n
pdm 1369306 0.0 1.1 9936264 96216 ? Sl Apr05 11:18 node --disallow-code-generation-from-strings --disable-proto=delete /usr/lib/node_modules/n8n/node_modules/@n8n/task-runner/dist/start.js
pdm 3861265 0.0 0.0 2800 1856 ? Ss 08:00 0:00 /bin/sh -c /home/pdm/security-tools/npm-security-check.sh >> /home/pdm/security-tools/npm-security-check-cron.log 2>&1
pdm 3861266 0.0 0.0 7340 3732 ? S 08:00 0:00 bash /home/pdm/security-tools/npm-security-check.sh
pdm 3864276 0.0 0.0 7340 1912 ? S 08:01 0:00 bash /home/pdm/security-tools/npm-security-check.sh
✓ PID 1915 runs as root but is inside a Docker container (normal)
✓ PID 2398 runs as root but is inside a Docker container (normal)
✓ PID 4650 runs as root but is inside a Docker container (normal)
✓ PID 610442 runs as root but is inside a Docker container (normal)
✓ PID 610539 runs as root but is inside a Docker container (normal)
==========================================
4. Node process network connections
==========================================
✓ No established TCP connections from node processes
==========================================
5. Known C2 / malware indicators
==========================================
✓ No connections to known C2 infrastructure
==========================================
6. Suspicious process names
==========================================
✓ No suspicious process names
==========================================
7. Suspicious files in /tmp and /dev/shm
==========================================
✓ Temp directory scan complete
==========================================
8. npm configuration
==========================================
prefix=~/.npm-global
✓ .npmrc uses official registry
==========================================
9. Docker containers
==========================================
NAMES IMAGE STATUS
igotify ghcr.io/androidseb25/igotify-notification-assist:latest Up 34 hours
gotify gotify/server Up 34 hours (healthy)
uptime-kuma louislam/uptime-kuma:latest Up 34 hours (healthy)
Shlink-Web shlinkio/shlink-web-client:3.10.1 Up 34 hours
Shlink shlinkio/shlink:stable Up 34 hours
Shlink-DB postgres:17 Up 34 hours
heimdall lscr.io/linuxserver/heimdall:latest Up 34 hours
mermaid ghcr.io/mermaid-js/mermaid-live-editor Up 6 days
netbox-netbox-worker-1 netboxcommunity/netbox:v4.4-3.4.1 Up 13 days (healthy)
netbox-netbox-1 netboxcommunity/netbox:v4.4-3.4.1 Up 13 days (healthy)
netbox-postgres-1 postgres:17-alpine Up 13 days (healthy)
netbox-redis-1 valkey/valkey:8.1-alpine Up 13 days (healthy)
netbox-redis-cache-1 valkey/valkey:8.1-alpine Up 13 days (healthy)
task_server-tasks-1 task_server-tasks Up 13 days
task_server-database-1 postgres:16 Up 13 days
flash_server-flashcards-1 flash_server-flashcards Up 13 days
flash_server-database-1 postgres:16 Up 13 days
mosquitto eclipse-mosquitto:latest Up 13 days
nebula-sync ghcr.io/lovelaze/nebula-sync:latest Up 13 days (healthy)
zigbee2mqtt ghcr.io/koenkk/zigbee2mqtt Up 13 days
portainer portainer/portainer-ce:latest Up 13 days
homarr ghcr.io/ajnart/homarr:latest Up 13 days (healthy)
✓ All containers use named images
==========================================
10. Bash history — suspicious patterns
==========================================
✓ No obviously suspicious history entries
==========================================
SUMMARY
==========================================
Scan completed at: Sat Apr 18 08:01:50 AM UTC 2026
Results saved to : npm_security_check_sys-apps_20260418_080001.log
✓ All checks passed — no indicators of compromise