All @redhat-cloud-services/compliance-client versions
@redhat-cloud-services/compliance-client @4.0.4
TypeScript client for Red Hat Insights Compliance service
Maintainers
Dependencies (2)
| Package | Constraint | Registry Status |
|---|---|---|
| tslib | ^2.6.2 | auto_approved |
| @redhat-cloud-services/javascript-clients-shared | ^2.0.5 | auto_approved |
Transitive Dependency Tree
Changes from v4.0.2
Dependency Changes
Script Changes
+ preinstallFile Changes
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
install-script:preinstall |
— | reject | sean | redhat-cloud-services supply-chain compromise (2026-06-01): injected preinstall hook. Auto-reject any version with a preinstall script. |
SAST Findings (4)
[Always reject] Script: node index.js
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a `preinstall` hook into this and 31 other packages in the `@redhat-cloud-services` scope. The hook delivers a three-layer obfuscated payload (ROT-9 Caesar cipher over a 1.27M-entry character-code array -> AES-128-GCM decryption with hardcoded keys -> stacked obfuscator.io encoding with PBKDF2+SHA-256 keystream S-box substitution) that downloads a pinned Bun runtime (v1.3.13) from GitHub to execute the worm outside the victim's Node installation. **Credential theft:** Harvests AWS credentials (IMDS, ECS, Secrets Manager, SSM), Azure managed identities, GCP service account tokens, HashiCorp Vault tokens, Kubernetes service account tokens (`/var/run/secrets/kubernetes.io/serviceaccount/token`), GitHub PATs, npm publish tokens, environment variables from ~40 CI platforms (CircleCI, Travis CI, Jenkins, and others), password manager stores (Bitwarden, gopass), and local files (`~/.npmrc`, `~/.netrc`, shell history, database history). Collected data is exfiltrated to attacker-controlled public GitHub repositories. **Privilege escalation:** Exploits Docker socket access to escape containers and modify `/etc/sudoers.d`, granting passwordless sudo to CI runner user accounts. **Self-propagation:** Uses stolen npm credentials to republish tampered tarballs of target packages. Injects a malicious CodeQL workflow into accessible GitHub repositories via the GraphQL `createCommitOnBranch` mutation, exchanges GitHub Actions OIDC tokens for npm publish tokens, and signs the resulting artifacts through Sigstore (Fulcio/Rekor) to appear legitimate. **Persistence and evasion:** Installs a daemon at `/tmp/kitty-<random>`, hijacks `.claude/settings.json` for AI agent persistence, and hijacks `.vscode/tasks.json` for editor task execution. Detects sandbox environments via `__FAKE_PLATFORM__`, `TESTING_TAR_FAKE_PLATFORM__`, and `__IS_DAEMON` environment variables, and probes for EDR tools (CrowdStrike, SentinelOne, Carbon Black, StepSecurity Harden-Runner).
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Review Summary
Risk score: 100 (capped from 115). Findings: 2 critical (+80), 1 high (+25), 1 medium (+10), 2 info (+0).
Published to npm: