Description
installDependencies in src/plugin.ts:567 runs execFileSync('npm', ['install', '--omit=dev'], ...) against a plugin repo that was just cloned from a third-party Git URL via opencli adapter install. Without --ignore-scripts, npm executes preinstall, install, and postinstall lifecycle scripts declared in the plugin's package.json (and in every transitive dep), so a malicious plugin or a compromised dep can run arbitrary code with the user's privileges the moment the user installs the plugin. The actual adapter code is loaded later by the plugin discovery path, which is the expected attack surface; the install-time script execution is an extra vector that does not need to exist for adapter plugins to work.
This is Finding 2 in #847. @Astro-Han ranked it the top-priority unfixed item in his triage comment:
plugin install is a real issue, and one we should treat seriously. Running npm install on an untrusted repo is the extra risk here because of lifecycle scripts. Using --ignore-scripts plus a clear warning would be a good first step.
Steps to Reproduce
- Create a plugin repo whose
package.json contains a postinstall script that writes a marker, e.g. "scripts": { "postinstall": "node -e \"require('fs').writeFileSync('/tmp/opencli-postinstall-marker', '1')\"" }
- Push it to a Git host
- Run
opencli adapter install <repo-url>
- Check
ls -l /tmp/opencli-postinstall-marker
Expected Behavior
Install completes without running the plugin's postinstall script. The marker file is not created. Equivalent to the npm invocation passing --ignore-scripts.
The fix is a one-flag change at the install call:
execFileSync('npm', ['install', '--omit=dev', '--ignore-scripts'], { ... });Plugins that need native-module compilation can be flagged in a follow-up if a real case appears; opencli adapter plugins typically depend on small pure-JS packages and do not exercise install scripts.
OpenCLI Version
1.8.0
Node.js Version
Other
Operating System
macOS
Logs / Screenshots
$ cat malicious-plugin/package.json
{ "name": "evil", "scripts": { "postinstall": "node -e \"require('fs').writeFileSync('/tmp/opencli-postinstall-marker', '1')\"" } }
$ opencli adapter install https://github.com/me/malicious-plugin
$ ls -l /tmp/opencli-postinstall-marker
-rw-r--r-- 1 me staff 1 May 26 ...
Description
installDependenciesinsrc/plugin.ts:567runsexecFileSync('npm', ['install', '--omit=dev'], ...)against a plugin repo that was just cloned from a third-party Git URL viaopencli adapter install. Without--ignore-scripts, npm executespreinstall,install, andpostinstalllifecycle scripts declared in the plugin'spackage.json(and in every transitive dep), so a malicious plugin or a compromised dep can run arbitrary code with the user's privileges the moment the user installs the plugin. The actual adapter code is loaded later by the plugin discovery path, which is the expected attack surface; the install-time script execution is an extra vector that does not need to exist for adapter plugins to work.This is Finding 2 in #847. @Astro-Han ranked it the top-priority unfixed item in his triage comment:
Steps to Reproduce
package.jsoncontains apostinstallscript that writes a marker, e.g."scripts": { "postinstall": "node -e \"require('fs').writeFileSync('/tmp/opencli-postinstall-marker', '1')\"" }opencli adapter install <repo-url>ls -l /tmp/opencli-postinstall-markerExpected Behavior
Install completes without running the plugin's
postinstallscript. The marker file is not created. Equivalent to the npm invocation passing--ignore-scripts.The fix is a one-flag change at the install call:
Plugins that need native-module compilation can be flagged in a follow-up if a real case appears; opencli adapter plugins typically depend on small pure-JS packages and do not exercise install scripts.
OpenCLI Version
1.8.0
Node.js Version
Other
Operating System
macOS
Logs / Screenshots