@unkn0wnartist/h1-poc-test

PoC package for demonstrating supply-chain vulnerability in GitHub Actions via Dependabot

# H1 PoC Test Package (@unkn0wnartist/h1-poc-test)

⚠️ **WARNING: This is a security research package for demonstrating supply-chain vulnerabilities.**

## Purpose

This package is created for demonstrating a potential supply-chain attack vector through GitHub Actions Dependabot workflows.

## Security Research Context

- **Target**: Cloudflare Workers SDK repository (or similar vulnerable GitHub Actions setups)
- **Vector**: Malicious postinstall script execution via Dependabot PR triggered by this package update.
- **Platform**: HackerOne Bug Bounty (or other responsible disclosure programs)

## Usage

This package should ONLY be used in controlled security research environments for which you have explicit permission to test.

## Disclaimer

This package is created SOLELY for legitimate security research purposes and responsible disclosure. The author is not responsible for any misuse of this package or its concepts. Always act ethically and legally.
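
A defensive check for the vector named above, as an added example that is not part of this package or its README: it compares the manifest of the pinned dependency version with the one a dependency-update PR proposes and flags install-time hooks that are new or changed. The `example-dep` manifests are constructed sample input, and `diffInstallHooks` is a hypothetical helper name.

```javascript
// Lifecycle scripts npm runs automatically when a dependency is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Compare the manifest of the currently pinned version with the manifest of
// the version an update PR proposes, and report install hooks that are new
// or whose command changed. Both arguments are parsed package.json objects.
function diffInstallHooks(oldManifest, newManifest) {
  const before = (oldManifest && oldManifest.scripts) || {};
  const after = (newManifest && newManifest.scripts) || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const prev = typeof before[hook] === "string" ? before[hook].trim() : "";
    const next = typeof after[hook] === "string" ? after[hook].trim() : "";
    if (!next) continue;         // hook absent or removed: nothing would run
    if (next === prev) continue; // unchanged since the reviewed version
    findings.push({
      package: newManifest.name,
      version: newManifest.version,
      hook,
      status: prev ? "changed" : "added",
      command: next,
    });
  }
  return findings;
}

// Constructed sample manifests (hypothetical package, not taken from the page).
const pinned = {
  name: "example-dep",
  version: "1.0.0",
  scripts: { test: "node test.js" },
};
const proposed = {
  name: "example-dep",
  version: "1.0.1",
  scripts: { test: "node test.js", postinstall: "node setup.js" },
};

// A non-empty report means the update should get a manual review before any
// workflow installs it.
const report = diffInstallHooks(pinned, proposed);
for (const f of report) {
  console.log(`${f.package}@${f.version}: ${f.hook} ${f.status} -> ${f.command}`);
}
```

Running CI installs with npm's `--ignore-scripts` option prevents these hooks from executing at all, so a check like this is most useful where scripts must stay enabled.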