Commit 47ebc82

Add shai-hulud check
1 parent a3c5033 commit 47ebc82

1 file changed

+8
-0
lines changed
.github/workflows/ci.yml

Lines changed: 8 additions & 0 deletions
@@ -55,6 +55,14 @@ jobs:
5555
- name: Install dependencies
5656
run: npm ci
5757

58+
## https://semgrep.dev/blog/2025/security-advisory-npm-packages-using-secret-scanning-tools-to-steal-credentials/
59+
- name: Check shai-hulud attack
60+
run: |
61+
find . -type f -name "*.js" -exec sha256sum {} \; | grep "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09"
62+
if [ $? -eq 0 ]; then
63+
echo "Vulnerable version of serialize-javascript found"
64+
exit 1
65+
fi
5866
- name: Lint
5967
run: npm run lint
6068
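
Review bot: The `if [ $? -eq 0 ]` test at new line 62 is never reached on a clean tree. A `run:` step with no `shell:` key executes under `bash -e` on Linux and macOS runners, so when no file matches, `grep` exits 1 at new line 61 and the step aborts as failed, which means the step fails whether or not the hash is present. Move the pipeline into the condition, where `-e` does not apply, for example `if find . -type f -name "*.js" -exec sha256sum {} + | grep -q "46faab8a..."; then` with the full hash, so that only a match reaches `exit 1`. Two smaller points: the failure message names serialize-javascript while the step is called "Check shai-hulud attack", so the message should state what was actually matched; and because the scan runs after `npm ci`, any install-time lifecycle script from a matching package has already executed on the runner by the time this step reports, so consider installing with `npm ci --ignore-scripts` before the scan.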
