← Home

unhead

npm Repository Homepage
10
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

harlan_zw

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/stream/iife.global.js AI (source-diff): Bundled IIFE output for head-tag streaming; long lines, not obfuscated. Stable for this package. ai
source-diff obfuscated-file:dist/stream/iife.mjs AI (source-diff): Exports the IIFE bundle as a string constant for injection; expected pattern for this package. ai

Versions (showing 10 of 10)

Version Deps Published
3.1.1 2 / 3
3.1.0 2 / 3
3.0.5 1 / 3
3.0.4 2 / 1
3.0.3 2 / 1
3.0.2 2 / 1
3.0.1 2 / 1
3.0.0 2 / 1
2.1.15 1 / 0
2.1.13 1 / 0

v3.1.1

3 findings
HIGH New obfuscated file: dist/stream/iife.global.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/stream/iife.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.0

2 findings
LOW GHSA-x7mm-9vvv-64w8: unhead: Streaming SSR `streamKey` injected into inline script without identifier validation osv

### Summary `createStreamableHead({ streamKey })` interpolated its `streamKey` argument directly into the streaming SSR bootstrap and suspense-chunk inline scripts without identifier validation or escaping. If an application forwards untrusted data into that configuration value, the rendered scripts become a script-injection sink. ### Details `streamKey` was embedded into JavaScript source via dot notation in two public helpers: * `createBootstrapScript()` returned `<script>window.${streamKey}={...}</script>` * `renderSSRHeadSuspenseChunk()` returned `window.${streamKey}.push(...)` No escaping, quoting, or identifier validation was applied before these strings were embedded into HTML. A `streamKey` such as `__unhead__;globalThis.PWNED=1;//` broke out of the intended property access and injected arbitrary JavaScript into the page. The JSON escaping used for streamed head entries did not protect `streamKey` because `streamKey` was inserted as raw code rather than as serialized data. ### Impact `streamKey` is a developer-chosen configuration value rather than a data field — the intended usage is a hardcoded identifier-shaped constant (default `__unhead__`). Exploitation therefore requires an application to explicitly route untrusted input into a configuration sink, which is not a documented or recommended pattern. We have no reports of any downstream project sourcing `streamKey` from request data. Applications using the default `streamKey`, or any hardcoded custom key, are **not affected**. ### PoC ```ts import { createStreamableHead, renderSSRHeadShell } from 'unhead/stream/server' const { head } = createStreamableHead({ streamKey: '__unhead__;globalThis.PWNED=1;//', }) const html = renderSSRHeadShell( head, '<!doctype html><html><head></head><body></body></html>', ) // <!doctype html><html><head><script>window.__unhead__;globalThis.PWNED=1;//={_q:[],push(e){this._q.push(e)}}</script>… ``` ### Patch Fixed on `main` in [`64b5ac0`](https://github.com/unjs/unhead/commit/64b5ac0aa30cc256ea6677ce3dc4f132f81b2ff6). The fix will ship in the next patch release of `unhead`. `streamKey` is now validated against a conservative ASCII JavaScript-identifier pattern (`/^[$_a-z][$\w]*$/i`) at every sink — `createStreamableHead`, `createBootstrapScript`, and the internal stream-key resolver. Invalid values throw immediately instead of being emitted into script output. ### Workarounds Do not pass untrusted data into `createStreamableHead({ streamKey })` or `createBootstrapScript(key)`. If per-tenant keys are required, whitelist them against an identifier-safe pattern before constructing the head instance. ### Credit Thanks to @Jvr2022 for the report.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.15

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.13

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.