zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-05-16 22:03:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,777 Commits 10 Branches 13 Tags
2b387fb76194c84d9219f7459009d1bd34a4050b
Commit Graph

10 Commits

Author SHA1 Message Date
Affaan Mustafa
a8e3bcb00f Add supply-chain advisory source refresh 2026-05-15 23:09:54 -04:00
Affaan Mustafa
f7035b5644 Harden CI installs against supply-chain lifecycle hooks 2026-05-15 17:29:03 -04:00
Affaan Mustafa
6951b8d5d2 Add scheduled supply-chain watch workflow 2026-05-15 16:56:49 -04:00
Affaan Mustafa
701b350f6f docs: record latest AgentShield and billing gate evidence (#1930) 2026-05-15 12:10:33 -04:00
Affaan Mustafa
ee85e1482e security: add node-ipc IOC coverage (#1924) 2026-05-15 06:56:57 -04:00
Affaan Mustafa
f04702bdac Expand Mini Shai-Hulud IOC coverage (#1921) 2026-05-15 03:20:10 -04:00
Affaan Mustafa
e8e9df52a6 fix: harden supply-chain IOC scan (#1918) 2026-05-15 02:50:50 -04:00
Affaan Mustafa
7d15a2282b security: add supply-chain IOC scanner (#1904) 2026-05-14 21:15:35 -04:00
Affaan Mustafa
42f04edc03 ci: gate observability on release safety evidence 
Add release-safety evidence coverage to observability readiness and refresh rc.1 publication gate docs.
 2026-05-13 04:14:47 -04:00
Affaan Mustafa
cbecf5689d docs: add supply-chain incident response playbook 
Add a repo-level supply-chain incident response playbook for npm/GitHub Actions package-registry incidents, anchored on the May 2026 TanStack compromise and prior Shai-Hulud-style npm incidents.

- add `docs/security/supply-chain-incident-response.md` with exposure checks, immediate response steps, workflow rules, publication rules, and escalation triggers
- link the playbook from `SECURITY.md`
- reject `pull_request_target` workflows that restore or save shared dependency caches
- add a regression test for the new `pull_request_target + actions/cache` guardrail

Validation:
- node tests/ci/validate-workflow-security.test.js (12 passed, 0 failed)
- node scripts/ci/validate-workflow-security.js (validated 7 workflow files)
- npx markdownlint-cli 'SECURITY.md' 'docs/security/supply-chain-incident-response.md'
- npx markdownlint-cli '**/*.md' --ignore node_modules
- git diff --check
- node tests/run-all.js (2377 passed, 0 failed)
- GitHub CI for #1848 green across Ubuntu, Windows, and macOS

No release, tag, npm publish, plugin tag, marketplace submission, or announcement was performed.
 2026-05-13 00:22:28 -04:00