By compromising the GitHub Actions release process in Red Hat's RedHatInsights repositories, attackers published 64 malicious releases of 32 NPM packages for the Red Hat Cloud Services platform to the NPM directory. Two malicious releases were published for each affected NPM package, and each contained code that activates a new variant of the mini-shai-hulud worm, which searches the current environment for tokens and credentials.
The worm was placed in the index.js file and activated by a pre-install handler that is called when an infected package is installed. Once activated, the worm searched the system for tokens for NPM (~/.npmrc), PyPI, CircleCI, AWS, GCP, Docker, Azure, HashiCorp, and Kubernetes (K8s), as well as SSH private keys. The data it found was sent to the attackers. If an NPM token was found, the worm published new releases of the packages developed in the current environment, infecting the dependency tree.
Access to GitHub Actions was gained by compromising the account of a Red Hat employee, which allowed the attackers to push commits directly to the javascript-clients, frontend-components, and platform-frontend-ai-toolkit repositories without going through the review process. These commits inserted a ci.yaml file into the continuous integration system, which, when a build ran, executed the _index.js script using the bun platform. The script used the "id-token: write" permission to request an OIDC (OpenID Connect) token from GitHub, which was then used to authenticate with NPM through the "trusted publishing" mechanism.
NPM packages containing malicious code:
- @redhat-cloud-services/chrome (2.3.1, 2.3.2)
- @redhat-cloud-services/compliance-client (4.0.3, 4.0.4)
- @redhat-cloud-services/config-manager-client (5.0.4, 5.0.5)
- @redhat-cloud-services/entitlements-client (4.0.11, 4.0.12)
- @redhat-cloud-services/eslint-config-redhat-cloud-services (3.2.1, 3.2.2)
- @redhat-cloud-services/frontend-components (7.7.2, 7.7.3)
- @redhat-cloud-services/frontend-components-advisor-components (3.8.2)
- @redhat-cloud-services/frontend-components-config (6.11.3, 6.11.4)
- @redhat-cloud-services/frontend-components-config-utilities (4.11.2, 4.11.3)
- @redhat-cloud-services/frontend-components-notifications (6.9.2, 6.9.3)
- @redhat-cloud-services/frontend-components-remediations (4.9.2, 4.9.3)
- @redhat-cloud-services/frontend-components-testing (1.2.1, 1.2.2)
- @redhat-cloud-services/frontend-components-translations (4.4.1, 4.4.2)
- @redhat-cloud-services/frontend-components-utilities (7.4.1, 7.4.2)
- @redhat-cloud-services/hcc-feo-mcp (0.3.1, 0.3.2)
- @redhat-cloud-services/hcc-kessel-mcp (0.3.1, 0.3.2)
- @redhat-cloud-services/hcc-pf-mcp (0.6.1, 0.6.2)
- @redhat-cloud-services/host-inventory-client (5.0.3, 5.0.4)
- @redhat-cloud-services/insights-client (4.0.4, 4.0.5)
- @redhat-cloud-services/integrations-client (6.0.4, 6.0.5)
- @redhat-cloud-services/javascript-clients-shared (2.0.8, 2.0.9)
- @redhat-cloud-services/notifications-client (6.1.4, 6.1.5)
- @redhat-cloud-services/patch-client (4.0.4, 4.0.5)
- @redhat-cloud-services/quickstarts-client (4.0.11, 4.0.12)
- @redhat-cloud-services/rbac-client (9.0.3, 9.0.4)
- @redhat-cloud-services/remediations-client (4.0.4, 4.0.5)
- @redhat-cloud-services/rule-components (4.7.2, 4.7.3)
- @redhat-cloud-services/sources-client (3.0.10, 3.0.11)
- @redhat-cloud-services/topological-inventory-client (3.0.10, 3.0.11)
- @redhat-cloud-services/tsc-transform-imports (1.2.2)
- @redhat-cloud-services/hom (3.6.1, 3.6.2, 3.6.4)
- @redhat-cloud-services/vulnerabilities-client (2.1.8, 2.1.9)
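To check a project against the list above, the following added example (not code from the original article or from Red Hat) scans a parsed package-lock.json for locked copies of affected releases, including nested copies deep in the dependency tree. The names `AFFECTED`, `isAffected`, `findAffected` and `sampleLock` are illustrative assumptions, and `AFFECTED` holds only a subset of the list.

```javascript
// Added example: flag affected releases in a package-lock.json (lockfileVersion 1, 2 or 3).
// AFFECTED is a subset of the list above; extend it with the remaining entries.
const AFFECTED = new Map([
  ["@redhat-cloud-services/chrome", ["2.3.1", "2.3.2"]],
  ["@redhat-cloud-services/frontend-components", ["7.7.2", "7.7.3"]],
  ["@redhat-cloud-services/rbac-client", ["9.0.3", "9.0.4"]],
  ["@redhat-cloud-services/tsc-transform-imports", ["1.2.2"]],
]);

function isAffected(name, version) {
  return (AFFECTED.get(name) || []).includes(version);
}

// Returns [{ name, version, path }] for every locked copy of an affected release.
function findAffected(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Nested copies look like node_modules/a/node_modules/@scope/b; aliases carry meta.name.
    const name = meta.name || path.split("node_modules/").pop();
    if (name && isAffected(name, meta.version)) hits.push({ name, version: meta.version, path });
  }
  // lockfileVersion 1: recursive "dependencies" tree (v2 has both, so skip it there).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (isAffected(name, meta.version)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@redhat-cloud-services/chrome": { version: "2.3.2" },
    "node_modules/@redhat-cloud-services/rbac-client": { version: "9.0.2" },
    "node_modules/some-lib/node_modules/@redhat-cloud-services/frontend-components": { version: "7.7.3" },
  },
};

for (const hit of findAffected(sampleLock)) {
  console.log(`AFFECTED ${hit.name}@${hit.version} at ${hit.path}`);
}
```

For a real project, pass the result of `JSON.parse` on the contents of package-lock.json to `findAffected`; any hit means the pre-install handler may already have run on machines that installed from that lockfile.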
Source: opennet.ru
