Security Alert for test262 #7861
ThomasZoellinger asked this question in Troubleshooting (Unanswered; 0 replies)
I got the following message from Orca. What can or should I do about it?
Workload misconfigurations
NPM package potentially vulnerable to dependency confusion attack
A Dependency Confusion attack occurs when a software installer script is tricked into pulling a malicious package from a public repository instead of the intended file of the same name from an internal repository. Orca has detected the following packages as missing from the public NPM registry:
test262
- defined in /var/lib/backup_docker/overlay2/jji7q5juwajbam3qwvr86ct9n/diff/usr/local/share/.cache/yarn/v6/npm-acorn-import-assertions-1.8.0-ba2b5939ce62c238db6d93d81c9b111b29b855e9-integrity/node_modules/acorn-import-assertions/package.json
test262
- defined in /var/lib/backup_docker/overlay2/jji7q5juwajbam3qwvr86ct9n/diff/code/node_modules/acorn-import-assertions/package.json
librechat-mcp
- defined in /home/ubuntu/git/docker-librechat/LibreChat/api/package.json
A malicious actor can abuse this scenario to create their own NPM package and register it in the public NPM Registry with the same name.

ghcr.io/danny-avila/librechat-dev latest 3aa5ffebaa82 5 weeks ago 953MB
ghcr.io/danny-avila/librechat-rag-api-dev-lite latest 817faebddae9 2 months ago 1.31GB
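Added example for triaging a finding like the one quoted above. This is not code from the discussion, from LibreChat, or from Orca, and it is not how Orca performs its check. The point it makes is the one a reviewer needs before acting on a "name missing from the public npm registry" alert: only a dependency whose spec is resolved from a registry (a semver range, a dist-tag, `*`, or an `npm:` alias) can be hijacked by someone publishing that name on npmjs.org; a spec that points at git, a tarball URL, a local path, or a workspace never touches the registry, and a manifest's own `name` only matters if it could ever be published. The function names, the sample manifest and the set of "known public" names are all assumptions constructed for the example; the real lookup is a GET to `https://registry.npmjs.org/<name>`, where a 404 means the name is unclaimed.

```javascript
// Added example: not code from this discussion, from Orca, or from LibreChat.
// Classify each dependency in a package.json by where the package manager would
// fetch it from, and report the registry-resolved ones whose name is not known
// to exist on the public registry. Those are the names to claim, scope, or pin
// to a private registry. The set of public names is a constructed stand-in; in
// practice it comes from GET https://registry.npmjs.org/<name> (404 = unclaimed).

const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Where would the package manager fetch this spec from?
function classifySpec(spec) {
  if (typeof spec !== 'string') return { kind: 'invalid' };
  const s = spec.trim();
  if (s.startsWith('workspace:')) return { kind: 'workspace' };
  if (s.startsWith('file:') || s.startsWith('link:') || /^\.{0,2}\//.test(s)) return { kind: 'file' };
  if (/^(git\+|git@|github:|gitlab:|bitbucket:|gist:|ssh:)/.test(s)) return { kind: 'git' };
  if (/^https?:\/\//.test(s)) return { kind: 'url' }; // remote tarball, not a registry
  if (s.startsWith('npm:')) {
    // Alias: "npm:real-name@^1.0.0" installs real-name from the registry under another key,
    // so the name that can be confused is the alias target, not the key.
    const target = s.slice(4);
    const at = target.lastIndexOf('@');
    return { kind: 'registry', name: at > 0 ? target.slice(0, at) : target };
  }
  if (/^[\w.-]+\/[\w.-]+(#[\w./-]*)?$/.test(s)) return { kind: 'git' }; // GitHub shorthand owner/repo
  return { kind: 'registry' }; // semver range, dist-tag, "*" or "" all resolve from a registry
}

// Registry-resolved dependencies whose name is not on the public registry.
function findConfusable(pkg, publicNames) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [key, spec] of Object.entries(pkg[field] || {})) {
      const c = classifySpec(spec);
      if (c.kind !== 'registry') continue; // never fetched from any registry: not this attack
      const name = c.name || key;
      // Already public: this check cannot tell whether that is the intended package;
      // ownership of an existing public package has to be verified separately.
      if (publicNames.has(name)) continue;
      findings.push({
        field,
        name,
        spec,
        advice: name.startsWith('@')
          ? 'scoped: confirm your organisation owns this scope on npmjs.org and that .npmrc routes it to your registry'
          : 'unscoped and unclaimed: claim the name, move it under your scope, or pin it to your private registry',
      });
    }
  }
  return findings;
}

// The manifest's own name is only a concern if the package could ever be published.
function checkOwnName(pkg, publicNames) {
  if (!pkg.name || pkg.private === true || publicNames.has(pkg.name)) return null;
  return `${pkg.name}: own name is unclaimed on the public registry; set "private": true or claim it`;
}

// Constructed sample manifest (not the files Orca scanned), covering every spec kind.
const SAMPLE_PKG = {
  name: 'librechat-mcp',
  version: '0.0.1',
  private: true,
  dependencies: {
    express: '^4.18.2',                       // public, registry: fine
    'internal-auth': '^1.2.0',                // registry, unclaimed: the real risk
    '@myorg/telemetry': '~2.0.0',             // registry, scoped: depends on scope ownership
    'shim-pkg': 'npm:@myorg/shim@^3.0.0',     // alias; the fetched name is @myorg/shim
  },
  devDependencies: {
    test262: 'github:tc39/test262',           // git: never hits the registry
    'local-tool': 'file:../tools/local-tool', // local path
    'ws-helper': 'workspace:*',               // monorepo workspace
  },
};
// Constructed stand-in for the registry lookups.
const KNOWN_PUBLIC = new Set(['express']);

console.log(JSON.stringify(findConfusable(SAMPLE_PKG, KNOWN_PUBLIC), null, 2));
console.log(checkOwnName(SAMPLE_PKG, KNOWN_PUBLIC));
```

Against the sample this reports `internal-auth`, `@myorg/telemetry` and `@myorg/shim`, and nothing for `test262`, because a git spec is not resolved from the registry at all; whether a real alert is exploitable therefore depends on the spec next to the name in the flagged package.json, not on the name alone. The structural fix for any unscoped hit is to move internal packages under a scope your organisation owns on npmjs.org and route that scope to the private registry in `.npmrc` (`@myorg:registry=https://...`), so a public package of the same unscoped name is never a candidate; `"private": true` on manifests that are only ever built in place keeps their own names out of the question too.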