js-kyle
diff --git a/‎LICENSE
Lines changed: 21 additions & 0 deletions b/‎LICENSE
Lines changed: 21 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 62 additions & 0 deletions b/‎README.md
Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Kyle Martin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,62 @@
+
+<h1 align="center">
+  <br>
+  npm-viewscripts
+  <br>
+</h1>
+
+<h4 align="center">Identify potentially malicious npm scripts in a project.</h4>
+<p align="center">
+    <img alt="GitHub" src="https://img.shields.io/github/license/js-kyle/npm-viewscripts.svg">
+    <img alt="NPM" src="https://img.shields.io/npm/v/npm-viewscripts.svg">
+</p>
+
+
+## Overview
+
+This project is a Node.js CLI tool to identify which of a project's existing dependencies are utilising npm lifecycle scripts, which _could_ be malicious.
+
+The currently configured npm scripts the tool will identify are:
+`preinstall`, `postintall`, `preuninstall`, `postuninstall`
+
+**Note: This project is to educate, so should not be used as a complete npm security solution.**
+
+## Installation
+
+```
+# install globally, using npm
+$ npm install npm-viewscripts -g
+
+# Run the cli on a project
+$ cd my-node-project
+$ npm install
+$ npm-viewscripts
+```
+
+## Usage
+
+```
+$ npm-viewscripts
+
+  Usage
+    $ npm-viewscripts [path]
+
+  Options
+    path  Modules folder  [Default: node_modules]
+```
+
+## Understanding the result
+Positive report example:
+```
+Potentially unsafe scripts found. These should be reviewed for safety
+Module name: monorepo-symlink-test Type: postinstall
+```
+The above output informs us that the `monorepo-symlink-test` is running a `postinstall` script, so we should review that, and ensure that it is safe.
+
+Negative report example:
+```
+No potentially unsafe scripts found.
+```
+No modules in the project are _currently_ using scripts which could be used maliciously.
+
+