Commit 85a4887

Add shai-hulud check (#1897)
* Add shai-hulud check * Also log file * Fix script
1 parent a3c5033 commit 85a4887

1 file changed

+8
-0
lines changed

.github/workflows/ci.yml

Lines changed: 8 additions & 0 deletions
@@ -55,6 +55,14 @@ jobs:
5555
- name: Install dependencies
5656
run: npm ci
5757

58+
## https://semgrep.dev/blog/2025/security-advisory-npm-packages-using-secret-scanning-tools-to-steal-credentials/
59+
- name: Check shai-hulud attack
60+
run: |
61+
if find . -type f -name "*.js" -exec sha256sum {} \; | grep -q "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09"; then
62+
echo "Vulnerable version of serialize-javascript found in:"
63+
find . -type f -name "*.js" -exec sha256sum {} \; | grep "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09" | awk '{print $2}'
64+
exit 1
65+
fi
5866
- name: Lint
5967
run: npm run lint
6068
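
Review bot: The failure message at new line 62, `echo "Vulnerable version of serialize-javascript found in:"`, names serialize-javascript, while the step is titled "Check shai-hulud attack" and the comment links the Semgrep advisory on npm packages stealing credentials. Reword the message so that whoever reads a failed run knows which indicator matched, and note next to the hash which file it identifies. The step also runs the same `find . -type f -name "*.js" -exec sha256sum {} \;` twice over the tree, which includes node_modules after `npm ci`; hashing once into a variable or temporary file and grepping that would halve the work, and `awk '{print $2}'` cuts off any path that contains a space. Because the check matches a single SHA-256 on `*.js` files only, it passes on any variant with a different hash, which is worth stating in the comment so a green run is not read as proof that the tree is clean.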
