zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-05-15 21:33:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

security: add node-ipc IOC coverage (#1924)

Browse Source
This commit is contained in:
Affaan Mustafa
2026-05-15 06:56:57 -04:00
committed by GitHub
parent 5b9acd1d92
commit ee85e1482e
4 changed files with 149 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docs/releases/2.0.0-rc.1/publication-evidence-2026-05-15.md
View File

@@ -64,17 +64,22 @@ Project documents added in Linear:
| Surface | Evidence |
| --- | --- |
| PR #1921 | Merged supply-chain IOC expansion for Mini Shai-Hulud/TanStack follow-up |
| Node IPC follow-up | Added May 14 `node-ipc` malicious-version, hash, DNS, and runtime IOC coverage |
| Merge commit | `f04702bdac132662c8496e817bcd850c86e2b854` |
| Local IOC tests | `node tests/ci/scan-supply-chain-iocs.test.js` passed 11/11 |
| Local IOC tests | `node tests/ci/scan-supply-chain-iocs.test.js` passed 12/12 |
| Unicode safety | `node scripts/ci/check-unicode-safety.js` passed |
| IOC scan | `npm run security:ioc-scan` passed |
| Root suite | `npm test` passed 2426/2426, 0 failed |
| Root suite | `npm test` passed 2427/2427, 0 failed |
| Repo sweeps | IOC scanner sweep passed for trunk, AgentShield, ECC Tools, ECC website, JARVIS, and the ECC document mirror |
The May 15 IOC expansion added coverage for OpenSearch/Mistral/Guardrails/
UiPath/Squawk-style campaign variants, `opensearch_init.js`, `vite_setup.mjs`,
dead-drop/session protocol strings, and AI-tooling persistence surfaces without
committing full high-entropy indicators that trip secret scanners.
The May 15 node-ipc follow-up blocks `node-ipc@9.1.6`, `9.2.3`, `10.1.1`,
`10.1.2`, `11.0.0`, `11.1.0`, and `12.0.1`, plus the `node-ipc.cjs` payload
hash, malicious tarball hashes, DNS exfil domains, and runtime markers reported
by Socket.
## Current Publication Blockers

11
docs/security/supply-chain-incident-response.md
View File

@@ -21,6 +21,10 @@ credentials:
- Follow-on reporting from StepSecurity, Socket, Aikido, and Wiz describes the
same campaign expanding into packages associated with Mistral AI, UiPath,
OpenSearch, Guardrails AI, Squawk, and other npm/PyPI packages.
- Socket's 2026-05-14 `node-ipc` report describes a separate active npm
compromise affecting `node-ipc` versions `9.1.6`, `9.2.3`, and `12.0.1`,
with historical malicious `node-ipc` versions also blocked by ECC because
they carried destructive or unauthorized file-writing behavior.
- The live IOC set includes persistence through Claude Code
`.claude/settings.json`, VS Code `.vscode/tasks.json`, and OS-level
`gh-token-monitor` LaunchAgent/systemd services. Some variants add a
@@ -35,6 +39,12 @@ credentials:
`opensearch_init.js`, `vite_setup.mjs`, campaign salt `svksjrhjkcejg`,
Session protocol strings, `claude@users.noreply.github.com` dead-drop
commits, `dependabout/` branch names, and `OhNoWhatsGoingOnWithGitHub`.
- The `node-ipc` sweep watches for `node-ipc.cjs` payload hash
`96097e06...d9034144`, tarball hashes for the malicious `9.1.6`, `9.2.3`,
and `12.0.1` artifacts, `sh.azurestaticprovider.net`, `bt.node.js`,
`37.16.75.69`, DNS exfil labels `xh` / `xd` / `xf` where present in
artifacts, `__ntw`, `__ntRun`, `/nt-` temp archives, and archive entries such
as `uname.txt`, `envs.txt`, and `fixtures/_paths.txt`.
- The attack chain combined `pull_request_target`, GitHub Actions cache
poisoning across a fork/base trust boundary, and OIDC token extraction from a
GitHub Actions runner.
@@ -47,6 +57,7 @@ Primary references:
- <https://tanstack.com/blog/npm-supply-chain-compromise-postmortem>
- <https://github.com/advisories/GHSA-g7cv-rxg3-hmpx>
- <https://tanstack.com/blog/incident-followup>
- <https://socket.dev/blog/node-ipc-package-compromised>
- <https://docs.npmjs.com/trusted-publishers/>
- <https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem>

97
scripts/ci/scan-supply-chain-iocs.js
View File

@@ -5,6 +5,7 @@
*/
const fs = require('fs');
const crypto = require('crypto');
const os = require('os');
const path = require('path');
@@ -204,6 +205,7 @@ const MALICIOUS_PACKAGE_VERSIONS = {
'mbt': ['1.2.48'],
'mistralai': ['2.4.6'],
'ml-toolkit-ts': ['1.0.4', '1.0.5'],
'node-ipc': ['9.1.6', '9.2.3', '10.1.1', '10.1.2', '11.0.0', '11.1.0', '12.0.1'],
'nextmove-mcp': ['0.1.3', '0.1.4', '0.1.5', '0.1.7'],
'safe-action': ['0.8.3', '0.8.4'],
'ts-dna': ['3.0.1', '3.0.2', '3.0.3', '3.0.4', '3.0.5'],
@@ -266,8 +268,60 @@ const CRITICAL_TEXT_INDICATORS = [
'PUSH UR T3MPRR',
'codeql_analysis.yml',
'shai-hulud-workflow.yml',
[
'96097e0612d9575c',
'b133021017fb1a5c',
'68a03b60f9f3d24e',
'bdc0e628d9034144',
].join(''),
[
'449e4265979b5fdb',
'2d3446c021af437e',
'815debd66de7da2f',
'e54f1ad93cbcc75e',
].join(''),
[
'c2f4dc64aec46315',
'40a568e88932b61d',
'aebbfb7e8281b812',
'fa01b7215f9be9ea',
].join(''),
[
'78a82d93b4f58083',
'5f5823b85a3d9ee1',
'f03a15ee6f0e01b',
'4eac86252a7002981',
].join(''),
'sh.azurestaticprovider.net',
'37.16.75.69',
'bt.node.js',
'__ntw',
'__ntRun',
'/nt-',
'uname.txt',
'envs.txt',
'fixtures/_paths.txt',
];
const MALICIOUS_FILE_HASHES = {
'96097e0612d9575cb133021017fb1a5c68a03b60f9f3d24ebdc0e628d9034144': {
indicator: 'node-ipc.cjs sha256',
message: 'Known malicious node-ipc CommonJS payload hash is present',
},
'449e4265979b5fdb2d3446c021af437e815debd66de7da2fe54f1ad93cbcc75e': {
indicator: 'node-ipc-9.1.6.tgz sha256',
message: 'Known malicious node-ipc tarball hash is present',
},
'c2f4dc64aec4631540a568e88932b61daebbfb7e8281b812fa01b7215f9be9ea': {
indicator: 'node-ipc-9.2.3.tgz sha256',
message: 'Known malicious node-ipc tarball hash is present',
},
'78a82d93b4f580835f5823b85a3d9ee1f03a15ee6f0e01b4eac86252a7002981': {
indicator: 'node-ipc-12.0.1.tar.gz sha256',
message: 'Known malicious node-ipc tarball hash is present',
},
};
const DEPENDENCY_FILENAMES = new Set([
'package.json',
'package-lock.json',
@@ -279,6 +333,13 @@ const DEPENDENCY_FILENAMES = new Set([
'requirements.txt',
]);
const INSPECT_ONLY_FILENAMES = new Set([
'node-ipc.cjs',
'node-ipc-9.1.6.tgz',
'node-ipc-9.2.3.tgz',
'node-ipc-12.0.1.tar.gz',
]);
const PERSISTENCE_FILENAMES = new Set([
'settings.json',
'tasks.json',
@@ -342,6 +403,7 @@ function shouldInspectFile(filePath) {
if (DEPENDENCY_FILENAMES.has(base)) return true;
if (PERSISTENCE_FILENAMES.has(base) && isInSpecialConfigPath(filePath)) return true;
if (PAYLOAD_FILENAMES.has(base) && filePath.includes(`${path.sep}node_modules${path.sep}`)) return true;
if (INSPECT_ONLY_FILENAMES.has(base)) return true;
return false;
}
@@ -392,7 +454,13 @@ function walkNodeModules(nodeModulesDir, files) {
}
function inspectPackageDir(packageDir, files) {
for (const filename of [...DEPENDENCY_FILENAMES, ...PAYLOAD_FILENAMES, 'setup.mjs', 'execution.js']) {
for (const filename of [
...DEPENDENCY_FILENAMES,
...PAYLOAD_FILENAMES,
...INSPECT_ONLY_FILENAMES,
'setup.mjs',
'execution.js',
]) {
const candidate = path.join(packageDir, filename);
if (fs.existsSync(candidate) && fs.statSync(candidate).isFile()) {
files.push(candidate);
@@ -408,6 +476,14 @@ function readText(filePath) {
}
}
function sha256File(filePath) {
try {
return crypto.createHash('sha256').update(fs.readFileSync(filePath)).digest('hex');
} catch {
return '';
}
}
function lineForIndex(text, index) {
return text.slice(0, index).split(/\r?\n/).length;
}
@@ -425,6 +501,18 @@ function scanFile(filePath, rootDir, findings) {
const relativePath = path.relative(rootDir, filePath) || filePath;
const text = readText(filePath);
const lowerText = normalizeForMatch(text);
const hashFinding = MALICIOUS_FILE_HASHES[sha256File(filePath)];
if (hashFinding) {
addFinding(
findings,
'critical',
relativePath,
1,
hashFinding.indicator,
hashFinding.message,
);
}
if (PAYLOAD_FILENAMES.has(base)) {
addFinding(
@@ -492,8 +580,14 @@ function runtimeTargets() {
return [
'/tmp/transformers.pyz',
'/tmp/pgmonitor.py',
'/tmp/node-ipc-9.1.6.tgz',
'/tmp/node-ipc-9.2.3.tgz',
'/tmp/node-ipc-12.0.1.tar.gz',
'/private/tmp/transformers.pyz',
'/private/tmp/pgmonitor.py',
'/private/tmp/node-ipc-9.1.6.tgz',
'/private/tmp/node-ipc-9.2.3.tgz',
'/private/tmp/node-ipc-12.0.1.tar.gz',
];
}
@@ -575,6 +669,7 @@ if (require.main === module) {
module.exports = {
CRITICAL_TEXT_INDICATORS,
MALICIOUS_FILE_HASHES,
MALICIOUS_PACKAGE_VERSIONS,
scanSupplyChainIocs,
};

35
tests/ci/scan-supply-chain-iocs.test.js
View File

@@ -104,6 +104,41 @@ function run() {
});
})) passed++; else failed++;
if (test('rejects node-ipc campaign package versions and CJS indicators', () => {
withFixture({
'package-lock.json': JSON.stringify({
packages: {
'node_modules/node-ipc': {
version: '12.0.1',
},
},
}, null, 2),
'node_modules/node-ipc/package.json': JSON.stringify({
name: 'node-ipc',
version: '9.2.3',
}, null, 2),
'node_modules/node-ipc/node-ipc.cjs': [
'const host = "sh.azurestaticprovider.net";',
'const zone = "bt.node.js";',
'process.env.__ntw = "1";',
'module.exports.__ntRun = true;',
'const archive = "/nt-/sample.tar.gz";',
'const entries = ["uname.txt", "envs.txt", "fixtures/_paths.txt"];',
].join('\n'),
}, rootDir => {
const result = scanSupplyChainIocs({ rootDir });
const indicators = result.findings.map(finding => finding.indicator);
assert.ok(indicators.includes('node-ipc@12.0.1'));
assert.ok(indicators.includes('node-ipc@9.2.3'));
assert.ok(indicators.includes('sh.azurestaticprovider.net'));
assert.ok(indicators.includes('bt.node.js'));
assert.ok(indicators.includes('__ntw'));
assert.ok(indicators.includes('__ntRun'));
assert.ok(indicators.includes('/nt-'));
assert.ok(indicators.includes('fixtures/_paths.txt'));
});
})) passed++; else failed++;
if (test('passes clean versions of watched packages', () => {
withFixture({
'package-lock.json': JSON.stringify({