One-liners to check for bad litellm and axios on your computer
Search your drive (not mounts) for compromised versions of litellm and axios.
Please comment if you see anything wrong or ways these can be improved!
LiteLLM: find / \( -type d -name "litellm-.dist-info" -o -name "litellm_init.pth" \) 2>/dev/null \ | while read d; do case "$d" in dist-info) v=$(echo "$d" | sed 's/.litellm-\(.\)\.dist-info/\1/') if echo "$v" | grep -qE '^1\.82\.(7|8)$'; then echo "COMPROMISED: $d -> litellm $v" else echo "CLEAN: $d -> litellm $v" fi ;; pth) echo "COMPROMISED: malicious .pth file found at $d" ;; esac done
Example output: CLEAN: /System/Volumes/Data/Users/johndamask/code/my-own-agents-shove-it/openai-agents-sdk/thebostonwrongs/.venv/lib/python3.12/site-packages/litellm-1.67.5.dist-info -> litellm 1.67.5 CLEAN: /System/Volumes/Data/Users/johndamask/code/ai-evals-course/recipe-chatbot-langchain/.venv/lib/python3.12/site-packages/litellm-1.78.5.dist-info -> litellm 1.78.5 CLEAN: /System/Volumes/Data/Users/johndamask/code/ai-evals-course/recipe-chatbot/.venv/lib/python3.12/site-packages/litellm-1.73.6.dist-info -> litellm 1.73.6
Axios: find . -path "/node_modules/axios/package.json" 2>/dev/null \ | while read f; do v=$(grep '"version"' "$f" | head -1 | sed 's/.: "\(.\)"./\1/') dir=$(dirname "$f") if echo "$v" | grep -qE '^(1\.14\.1|0\.30\.4)$'; then echo "COMPROMISED: $dir -> axios $v" else echo "CLEAN: $dir -> axios $v" fi done
No comments yet.