{"library":"cache-poisoning-pwn-demo","type":"library","category":null,"description":"Educational demo (v0.1.32) reproducing a supply-chain attack via GitHub Actions cache poisoning, modeled on the TanStack compromise. Installing the package runs an innocuous Calculator payload, demonstrating how a closed PR can poison the Actions cache and cause the maintainer's own CI to publish a malicious release that still carries valid npm provenance. Not for production use — it serves as a training and hardening reference.","language":"javascript","status":"deprecated","version":"0.1.32","tags":["javascript","demo","security","supply-chain","education"],"last_verified":"Sun Jun 07","install":[{"cmd":"npm install cache-poisoning-pwn-demo","imports":["import 'cache-poisoning-pwn-demo'"]},{"cmd":"yarn add cache-poisoning-pwn-demo","imports":[]},{"cmd":"pnpm add cache-poisoning-pwn-demo","imports":[]}],"homepage":"https://github.com/lullu57/gh-actions-demo-cache-poisoning","github":"https://github.com/lullu57/gh-actions-demo-cache-poisoning","docs":null,"changelog":null,"pypi":null,"npm":"cache-poisoning-pwn-demo","openapi_spec":null,"status_page":null,"smithery":null,"compatibility":null}