Removing a trojan infected node module


#1

Background

The origin of this conversation:

Infected node module - what now?

The question arise on what to do, to rid a computer of a node module that is identified as infected.

Specific to the case the answer given by @DamnedScholar
( The event-stream incident and the Atom team's response)

Continuation of the conversation

On the package that was identified, I have deleted the node_modules/ directory. Only for the effected package.

Opening Atom, the package is now reported as not working properly. Executing npm install on a system that does not have node globally installed, is of no help. Executing npm install from the Atom ..\atom\bin directory does not produce any results either.

Executing an update of dependencies from inside Atom, does not update the package to replace the node_modules/ directory and the node modules.
image

Executing apm install process-palette does have a result. BUT now is the question - which version of the event-stream package is loaded? A pre-packaged version or the current version from NPM?


#2

Should be the current version. The point of npm install (which apm install mirrors and, without a package name, functions identically to) is to pull the latest dependencies that match the package.json. The malicious code has been purged from the NPM registry completely, so all downloads of flatmap_stream after the people at NPM put the fix in have been of the most recent version before the malicious code.


#3

Please do a sanity check. Could you execute your suggested steps on your PC to tell me the result. These steps does not have the wanted effect on my PC.

  1. Choose a Atom package to work on.

  2. Delete the node_modules directory within the package.

  3. (keeping it “Atom”) Execute apm install from the command line.

  4. Check if the node_modules directory has been replaced.

Thanks for your attention.


#4

This is what happens for me.

C:\Users\stick\.atom\packages\atom-notes  (lexicalunit@1.19.7)
λ dir
 Volume in drive C is Acer
 Volume Serial Number is 1C74-77C4

 Directory of C:\Users\stick\.atom\packages\atom-notes

12/05/2018  11:15 PM    <DIR>          .
12/05/2018  11:15 PM    <DIR>          ..
09/11/2018  09:15 AM             6,738 .all-contributorsrc
09/11/2018  09:15 AM    <DIR>          .circleci
09/11/2018  09:15 AM               221 .eslintrc.js
09/11/2018  09:15 AM                65 .npmignore
09/11/2018  09:15 AM            12,228 .nvatom-all-contributorsrc
09/11/2018  09:15 AM               638 .travis.yml
09/11/2018  09:15 AM               454 appveyor.yml
09/11/2018  09:15 AM    <DIR>          lib
09/11/2018  09:15 AM             1,108 LICENSE.md
09/11/2018  09:15 AM    <DIR>          menus
09/11/2018  09:15 AM    <DIR>          notebook
12/05/2018  11:14 PM            80,539 package-lock.json
09/11/2018  09:15 AM            33,866 package.json
09/11/2018  09:15 AM            29,862 README.md
09/11/2018  09:15 AM    <DIR>          spec
09/11/2018  09:15 AM    <DIR>          styles
              10 File(s)        165,719 bytes
               8 Dir(s)  137,155,895,296 bytes free

C:\Users\stick\.atom\packages\atom-notes  (lexicalunit@1.19.7)
λ apm install
Installing modules done

C:\Users\stick\.atom\packages\atom-notes  (lexicalunit@1.19.7)
λ dir
 Volume in drive C is Acer
 Volume Serial Number is 1C74-77C4

 Directory of C:\Users\stick\.atom\packages\atom-notes

12/05/2018  11:15 PM    <DIR>          .
12/05/2018  11:15 PM    <DIR>          ..
09/11/2018  09:15 AM             6,738 .all-contributorsrc
09/11/2018  09:15 AM    <DIR>          .circleci
09/11/2018  09:15 AM               221 .eslintrc.js
09/11/2018  09:15 AM                65 .npmignore
09/11/2018  09:15 AM            12,228 .nvatom-all-contributorsrc
09/11/2018  09:15 AM               638 .travis.yml
09/11/2018  09:15 AM               454 appveyor.yml
09/11/2018  09:15 AM    <DIR>          lib
09/11/2018  09:15 AM             1,108 LICENSE.md
09/11/2018  09:15 AM    <DIR>          menus
12/05/2018  11:15 PM    <DIR>          node_modules
09/11/2018  09:15 AM    <DIR>          notebook
12/05/2018  11:14 PM            80,539 package-lock.json
09/11/2018  09:15 AM            33,866 package.json
09/11/2018  09:15 AM            29,862 README.md
09/11/2018  09:15 AM    <DIR>          spec
09/11/2018  09:15 AM    <DIR>          styles
              10 File(s)        165,719 bytes
               9 Dir(s)  137,134,268,416 bytes free

#6

:smiley: …{That was super helpful. Thank you.}
:blush: …{I did not executed the command within the package’s folder before.}