A Python script that scans Proxmox LXC containers for NPM vulnerabilities and reports findings to Discord.
Features
- Automatically detects and scans running LXC containers
- Checks for NPM installation in each container
- Finds and scans all Node.js projects in containers
- Creates/updates package-lock.json files when needed
- Reports findings via Discord webhook
- Groups results by vulnerability status
- Logs all operations for troubleshooting
Requirements
- Python 3.6+
- Proxmox VE
- Root access to Proxmox host
- Discord webhook URL
Installation
Clone this repository:
git clone https://github.com/yourusername/proxmox-npm-scanner.git
cd proxmox-npm-scanner
Make the script executable:
chmod +x npm_scan.py
Configure your Discord webhook URL in the script.
Usage
Run the script as root:
python3 npm_scan.py
Output
The script will send results to Discord with the following categories:
✅ Containers with no vulnerabilities
⚠️ Containers with vulnerabilities found
ℹ️ Containers without NPM installed
❌ Containers where scan failed
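
The sketch below is an added example, not code from this repository. It shows one way the four categories above could be derived from `npm audit --json` output. The function names, the shape of the `results` mapping and the sample data are assumptions made for illustration.

```python
import json
from collections import defaultdict

# The four report categories listed in the Output section.
CLEAN = "no vulnerabilities"
VULNERABLE = "vulnerabilities found"
NO_NPM = "NPM not installed"
FAILED = "scan failed"

def classify(npm_installed, audit_stdout):
    """Map one container's scan result to a report category (hypothetical helper).

    npm audit exits non-zero both when it finds vulnerabilities and when it
    errors, so the category is decided from the JSON body, not the exit code.
    """
    if not npm_installed:
        return NO_NPM
    try:
        counts = json.loads(audit_stdout)["metadata"]["vulnerabilities"]
        # npm 7+ adds a "total" key next to the per-severity counts; skip it
        # so findings are not counted twice.
        found = sum(n for sev, n in counts.items() if sev != "total")
    except (ValueError, KeyError, TypeError, AttributeError):
        # Empty output, non-JSON text, or an {"error": ...} document.
        return FAILED
    return VULNERABLE if found else CLEAN

def group_by_status(results):
    """results: {container_id: (npm_installed, audit_stdout)} (assumed shape)."""
    groups = defaultdict(list)
    for vmid, (npm_installed, audit_stdout) in sorted(results.items()):
        groups[classify(npm_installed, audit_stdout)].append(vmid)
    return dict(groups)

# Constructed sample input; container IDs and counts are made up.
SAMPLE = {
    101: (True, '{"metadata": {"vulnerabilities": {"info": 0, "low": 0, '
                '"moderate": 0, "high": 0, "critical": 0, "total": 0}}}'),
    102: (True, '{"metadata": {"vulnerabilities": {"low": 1, "moderate": 0, '
                '"high": 2, "critical": 0, "total": 3}}}'),
    103: (False, ""),
    104: (True, '{"error": {"code": "ENOLOCK", "summary": "constructed error"}}'),
    105: (True, ""),
}

if __name__ == "__main__":
    for status, vmids in group_by_status(SAMPLE).items():
        print(f"{status}: {vmids}")
```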