pnpm vulnerable to no-script global cache poisoning via overrides / `ignore-scripts` evasion
Description
The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data (including on first lockfile generation). This can make workspace A (even running with ignore-scripts=true) posion global cache and execute scripts in workspace B. Users generally expect ignore-scripts to be sufficient to prevent immediate code execution on install (e.g. when the tree is just repacked/bundled without executing it). Here, that expectation is broken. Global state integrity is lost via operations that one would expect to be secure, enabling subsequently running arbitrary code execution on installs. Version 9.15.0 fixes the issue. As a work-around, use separate cache and store dirs in each workspace.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pnpmnpm | < 9.15.0 | 9.15.0 |
Affected products
1Patches
13 files changed · +32 −3
.changeset/silent-wombats-roll.md+6 −0 added@@ -0,0 +1,6 @@ +--- +"@pnpm/npm-resolver": patch +"pnpm": patch +--- + +Don't ever save mutated metadata to the metadata cache.
resolving/npm-resolver/src/pickPackage.ts+5 −3 modified@@ -205,10 +205,12 @@ export async function pickPackage ( // only save meta to cache, when it is fresh ctx.metaCache.set(spec.name, meta) if (!opts.dryRun) { + // We stringify this meta here to avoid saving any mutations that could happen to the meta object. + const stringifiedMeta = JSON.stringify(meta) // eslint-disable-next-line @typescript-eslint/no-floating-promises runLimited(pkgMirror, (limit) => limit(async () => { try { - await saveMeta(pkgMirror, meta) + await saveMeta(pkgMirror, stringifiedMeta) } catch (err: any) { // eslint-disable-line // We don't care if this file was not written to the cache } @@ -285,14 +287,14 @@ async function loadMeta (pkgMirror: string): Promise<PackageMeta | null> { const createdDirs = new Set<string>() -async function saveMeta (pkgMirror: string, meta: PackageMeta): Promise<void> { +async function saveMeta (pkgMirror: string, meta: string): Promise<void> { const dir = path.dirname(pkgMirror) if (!createdDirs.has(dir)) { await fs.mkdir(dir, { recursive: true }) createdDirs.add(dir) } const temp = pathTemp(pkgMirror) - await gfs.writeFile(temp, JSON.stringify(meta)) + await gfs.writeFile(temp, meta) await renameOverwrite(temp, pkgMirror) }
resolving/npm-resolver/test/index.ts+21 −0 modified@@ -92,6 +92,27 @@ test('resolveFromNpm()', async () => { expect(meta['dist-tags']).toBeTruthy() }) +test('resolveFromNpm() does not save mutated meta to the cache', async () => { + nock(registry) + .get('/is-positive') + .reply(200, isPositiveMeta) + + const cacheDir = tempy.directory() + const { resolveFromNpm } = createResolveFromNpm({ + cacheDir, + }) + const resolveResult = await resolveFromNpm({ alias: 'is-positive', pref: '1.0.0' }, { + registry, + }) + + resolveResult!.manifest!.version = '1000' + + // The resolve function does not wait for the package meta cache file to be saved + // so we must delay for a bit in order to read it + const meta = await retryLoadJsonFile<any>(path.join(cacheDir, 'metadata/registry.npmjs.org/is-positive.json')) // eslint-disable-line @typescript-eslint/no-explicit-any + expect(meta.versions['1.0.0'].version).toBe('1.0.0') +}) + test('resolveFromNpm() should save metadata to a unique file when the package name has upper case letters', async () => { nock(registry) .get('/JSON')
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-vm32-9rqf-rh3rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-53866ghsaADVISORY
- github.com/pnpm/pnpm/commit/11afcddea48f25ed5117a87dc1780a55222b9743ghsax_refsource_MISCWEB
- github.com/pnpm/pnpm/security/advisories/GHSA-vm32-9rqf-rh3rghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.