One-liners to check for bad litellm and axios on your computer

1 points by jbdamask 5 hours ago
Search your drive (not mounts) for compromised versions of litellm and axios. Please comment if you see anything wrong or ways these can be improved!

LiteLLM:

    # Find litellm dist-info directories and the litellm_init.pth file
    find / \( -type d -name "litellm-*.dist-info" -o -name "litellm_init.pth" \) 2>/dev/null \
    | while read -r d; do
      case "$d" in
        *dist-info)
          # Extract the version from the directory name
          v=$(echo "$d" | sed 's/.*litellm-\(.*\)\.dist-info/\1/')
          if echo "$v" | grep -qE '^1\.82\.(7|8)$'; then
            echo "COMPROMISED: $d -> litellm $v"
          else
            echo "CLEAN: $d -> litellm $v"
          fi
          ;;
        *pth)
          echo "COMPROMISED: malicious .pth file found at $d"
          ;;
      esac
    done

Example output:

    CLEAN: /System/Volumes/Data/Users/johndamask/code/my-own-agents-shove-it/openai-agents-sdk/thebostonwrongs/.venv/lib/python3.12/site-packages/litellm-1.67.5.dist-info -> litellm 1.67.5
    CLEAN: /System/Volumes/Data/Users/johndamask/code/ai-evals-course/recipe-chatbot-langchain/.venv/lib/python3.12/site-packages/litellm-1.78.5.dist-info -> litellm 1.78.5
    CLEAN: /System/Volumes/Data/Users/johndamask/code/ai-evals-course/recipe-chatbot/.venv/lib/python3.12/site-packages/litellm-1.73.6.dist-info -> litellm 1.73.6

Axios:

    # Find every installed axios package.json under the current directory
    find . -path "*/node_modules/axios/package.json" 2>/dev/null \
    | while read -r f; do
      # Take the first "version" field in the file
      v=$(grep '"version"' "$f" | head -1 | sed 's/.*: "\(.*\)".*/\1/')
      dir=$(dirname "$f")
      if echo "$v" | grep -qE '^(1\.14\.1|0\.30\.4)$'; then
        echo "COMPROMISED: $dir -> axios $v"
      else
        echo "CLEAN: $dir -> axios $v"
      fi
    done
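A scripted form of the two checks above, added here as an example and not part of the original post: it reads the litellm version from each install's `METADATA` file (falling back to the directory name), reports only hits, and returns a non-zero status so it can gate a CI job or a fleet check. The function names `scan_tree` and `make_sample_tree` and the sample tree are constructed for this example; the flagged versions and the `.pth` file name are the ones given in the post.

```shell
#!/bin/sh
# Added example. Bad versions and the .pth file name are the ones given in the post.
BAD_LITELLM='^1\.82\.(7|8)$'
BAD_AXIOS='^(1\.14\.1|0\.30\.4)$'

# scan_tree ROOT: print one COMPROMISED line per finding; return 1 if any, else 0.
scan_tree() {
  root=$1
  hits=$(
    find "$root" -type d -name 'litellm-*.dist-info' 2>/dev/null | while IFS= read -r d; do
      # Prefer the Version field in METADATA; fall back to the directory name.
      v=$(sed -n 's/^Version: *//p' "$d/METADATA" 2>/dev/null | head -n 1 | tr -d '\r')
      [ -n "$v" ] || v=$(basename "$d" .dist-info | sed 's/^litellm-//')
      if echo "$v" | grep -qE "$BAD_LITELLM"; then
        echo "COMPROMISED: $d -> litellm $v"
      fi
    done
    find "$root" -type f -name 'litellm_init.pth' 2>/dev/null | while IFS= read -r f; do
      echo "COMPROMISED: malicious .pth file found at $f"
    done
    find "$root" -type f -path '*/node_modules/axios/package.json' 2>/dev/null |
    while IFS= read -r f; do
      # Assumes a pretty-printed package.json with "version" on its own line.
      v=$(sed -n 's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$f" | head -n 1)
      if echo "$v" | grep -qE "$BAD_AXIOS"; then
        echo "COMPROMISED: $(dirname "$f") -> axios $v"
      fi
    done
  )
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# make_sample_tree DIR: constructed test data (one flagged and one clean install of each).
make_sample_tree() {
  t=$1
  for v in 1.82.8 1.67.5; do
    mkdir -p "$t/py-$v/site-packages/litellm-$v.dist-info"
    printf 'Metadata-Version: 2.1\nName: litellm\nVersion: %s\n' "$v" \
      > "$t/py-$v/site-packages/litellm-$v.dist-info/METADATA"
  done
  for v in 1.14.1 1.7.9; do
    mkdir -p "$t/js-$v/node_modules/axios"
    printf '{\n  "name": "axios",\n  "version": "%s"\n}\n' "$v" \
      > "$t/js-$v/node_modules/axios/package.json"
  done
}

# Run against a directory when one is passed on the command line.
if [ "$#" -gt 0 ]; then scan_tree "$1"; fi
```

Saved as a script, it takes the directory to scan as its only argument; `make_sample_tree` builds a throwaway tree for checking the scanner itself before pointing it at real paths.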