|
|
|
|
|
|
by silverstream
98 days ago
|
|
|
This also compounds with npm's postinstall defaults. In this attack chain, the prompt injection triggers npm install on a fork, and postinstall scripts run with the
user's full permissions without any audit prompt. So you end up with GHA's over-privileged credentials handing off to npm's over-privileged install hooks.
I've started running --ignore-scripts by default and only whitelisting packages that genuinely need postinstall. It's a bit annoying, but the alternative is trusting
every transitive dependency not to do something during install.
|
|
|