undefined | Better HN

0 pointsricardobeat14d ago0 comments

Those are two different attack vectors. The exploit they used on Github Actions would work for either npm or pnpm. But the replication part using postinstall scripts, once it is installed on another machine, would be stopped by pnpm.

What I'm curious about is: how can you poison the cache in CI, if the lockfile has an integrity hash for each package?

Did the incoming PR modify pnpm-lock.yaml? If so, that would an obvious thing to disallow in any open-source project and require maintainer oversight.

0 comments

Yokohiii14d ago

From what I understand they've wrote the poisoned payload directly to the file system where they've expected another package exists. You only need to know what hash is going to be created.

KajMagnus14d ago

How do you know the hash in advance?

pas11d ago

Perhaps pnpm trusts the local store?

j / k navigate · click thread line to collapse