|
|
|
|
One-liners to check for bad litellm and axios on your computer
|
|
1 points
by jbdamask
72 days ago
|
|
|
Search your drive (not mounts) for compromised versions of litellm and axios. Please comment if you see anything wrong or ways these can be improved! LiteLLM:
find / \( -type d -name "litellm-.dist-info" -o -name "litellm_init.pth" \) 2>/dev/null \
| while read d; do
case "$d" in
dist-info)
v=$(echo "$d" | sed 's/.litellm-\(.\)\.dist-info/\1/')
if echo "$v" | grep -qE '^1\.82\.(7|8)$'; then
echo "COMPROMISED: $d -> litellm $v"
else
echo "CLEAN: $d -> litellm $v"
fi
;;
pth)
echo "COMPROMISED: malicious .pth file found at $d"
;;
esac
done Example output:
CLEAN: /System/Volumes/Data/Users/johndamask/code/my-own-agents-shove-it/openai-agents-sdk/thebostonwrongs/.venv/lib/python3.12/site-packages/litellm-1.67.5.dist-info -> litellm 1.67.5
CLEAN: /System/Volumes/Data/Users/johndamask/code/ai-evals-course/recipe-chatbot-langchain/.venv/lib/python3.12/site-packages/litellm-1.78.5.dist-info -> litellm 1.78.5
CLEAN: /System/Volumes/Data/Users/johndamask/code/ai-evals-course/recipe-chatbot/.venv/lib/python3.12/site-packages/litellm-1.73.6.dist-info -> litellm 1.73.6 Axios:
find . -path "/node_modules/axios/package.json" 2>/dev/null \
| while read f; do
v=$(grep '"version"' "$f" | head -1 | sed 's/.: "\(.\)"./\1/')
dir=$(dirname "$f")
if echo "$v" | grep -qE '^(1\.14\.1|0\.30\.4)$'; then
echo "COMPROMISED: $dir -> axios $v"
else
echo "CLEAN: $dir -> axios $v"
fi
done |
|
|