GitHub Advisory Database identifies this repo as malware #500

patoncrispy · 2024-12-06T02:48:47Z

Dependabot has raised this repo as a vulnerability. It was flagged because we have @types/github-script installed. Is this something that can be mitigated/resolved? GHSA-v9m5-8c6w-p3m5

The text was updated successfully, but these errors were encountered:

joshmgross · 2025-01-17T19:47:53Z

👋 I opened #514 to clear up the confusion here - this repository is not malware nor does it contain any malware dependencies. The NPM package github-script is malware, which is just a package using the same name as this repository.

joshmgross · 2025-01-17T20:02:31Z

This should be resolved now -

~/projects/github-script-types
❯ npm i -D @actions/github-script@github:actions/github-script

changed 1 package, and audited 39 packages in 5s

found 0 vulnerabilities

~/projects/github-script-types 6s
❯ npm audit                                                   
found 0 vulnerabilities

If you have any questions or further concerns - please don't hesitate to ask!

joh-klein · 2025-01-20T09:27:39Z

This works the same way when you only use the types npm i -D @types/github-script@github:actions/github-script.

joshmgross self-assigned this Jan 17, 2025

joshmgross mentioned this issue Jan 17, 2025

Clear up package name confusion #514

Merged

joshmgross closed this as completed Jan 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database identifies this repo as malware #500

GitHub Advisory Database identifies this repo as malware #500

patoncrispy commented Dec 6, 2024

joshmgross commented Jan 17, 2025

joshmgross commented Jan 17, 2025

joh-klein commented Jan 20, 2025

GitHub Advisory Database identifies this repo as malware #500

GitHub Advisory Database identifies this repo as malware #500

Comments

patoncrispy commented Dec 6, 2024

joshmgross commented Jan 17, 2025

joshmgross commented Jan 17, 2025

joh-klein commented Jan 20, 2025