
chore(security): harden publish workflow vs Mini Shai-Hulud#6

Merged. nmccready merged 1 commit into master from chore/harden-publish-shai-hulud on May 12, 2026.

Conversation

@nmccready


Summary

Hardens the standalone publish workflow vs Mini Shai-Hulud npm supply-chain campaign (2026-05-11). See companion PR brickhouse-tech/.github#7.

Local audit confirmed we are not breached — last `@brickhouse-tech/xml2js` publish (1.1.8, 2026-04-04) predates the attack by 5 weeks. This is preemptive hardening for the next release.

Changes

  • Pin actions to SHAs — defeats tag-rewrite attacks:
    • `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683` (v4.2.2)
    • `actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e` (v6.4.0)
    • `step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450` (v2.19.1)
  • Add `step-security/harden-runner` with egress allowlist — blocks `getsession.org`, IMDS `169.254.169.254`, `vault.svc.cluster.local`.
  • `npm ci --ignore-scripts` — blocks transitive postinstall (the worm's vector). Our package.json publish lifecycle still runs.
  • Add `contents: read` to job permissions; keep `id-token: write` for OIDC.

Test plan

  • Push test tag (e.g. v1.1.9-test.0) and verify publish succeeds with egress allowlist
  • Confirm `npm audit --omit=dev` still passes
  • Verify provenance attestation uploads to Sigstore

🤖 Generated with Claude Code

…shai-hulud)

Mitigations vs the Mini Shai-Hulud npm supply-chain campaign (2026-05-11)
that hijacked TanStack/Mistral/UiPath/OpenSearch publish runners mid-OIDC
flow and forged signed provenance attestations.

- Pin actions/checkout, actions/setup-node, step-security/harden-runner to
  SHAs to defeat tag-rewrite attacks.
- Add step-security/harden-runner with egress allowlist (blocks
  getsession.org, IMDS 169.254.169.254, vault.svc.cluster.local).
- Pass --ignore-scripts to npm ci to block transitive postinstall scripts
  (the worm's vector). Our own publish lifecycle (prepublishOnly/prepack)
  still runs via npm publish.
- Add contents: read to job permissions; keep id-token: write.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
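The hardened workflow that the description and commit message above describe, written out as an added example; this is not the repository's own workflow file. The three action SHAs and the `contents: read` / `id-token: write` permissions are taken from the PR; the job layout, Node version, and the allow-listed endpoints (GitHub, the npm registry, and the Sigstore Fulcio/Rekor/TUF hosts that a provenance-enabled `npm publish` contacts) are assumptions, not values from the page.

```yaml
name: publish

on:
  push:
    tags: ['v*']

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read    # read-only checkout; nothing else is granted
      id-token: write   # OIDC token for npm provenance only
    steps:
      # First step, before checkout, so every later step runs under the egress policy.
      - name: Harden runner (egress allowlist)
        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
        with:
          egress-policy: block
          # Assumed endpoint list: anything not listed (including getsession.org,
          # 169.254.169.254, vault.svc.cluster.local) is blocked by default.
          allowed-endpoints: >
            github.com:443
            objects.githubusercontent.com:443
            registry.npmjs.org:443
            fulcio.sigstore.dev:443
            rekor.sigstore.dev:443
            tuf-repo-cdn.sigstore.dev:443

      # Pinned to full commit SHAs, not mutable tags; the tag is kept as a comment for review.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: 22   # assumed
          registry-url: https://registry.npmjs.org

      # --ignore-scripts stops every dependency's install/postinstall hook from running.
      - run: npm ci --ignore-scripts

      # npm publish still runs this package's own prepublishOnly/prepack lifecycle.
      - run: npm publish --provenance --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}   # assumed secret name
```

Run one publish with `egress-policy: audit` first and take the endpoint list from harden-runner's report; the test-tag push in the PR's test plan is where a missing endpoint would show up as a failed `npm publish`.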
