VYPR
Unrated severity · NVD Advisory · Published Jun 21, 2026

Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations

CVE-2026-56236

Description

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability mechanics

Root cause

"The CLI writes sensitive files using `writeFileSync`/`writeFile` without checking whether the destination path is a symlink, and creates global credentials with world-readable permissions (664) instead of 0600."

Attack vector

An attacker creates a malicious repository containing a symlink named `.capgo` or `.capgo-credentials.json` pointing to an arbitrary target file on the developer's filesystem. When the developer runs `capgo login --local` or `capgo build credentials save --local` inside that repository, the CLI follows the symlink and overwrites the target with attacker-controlled content (an API key string or a credentials JSON payload). The overwrite occurs even when authentication fails (for login) or when the user is not logged in (for credentials save). On shared systems, the global credentials file is written with world-readable permissions (664), exposing signing material to other local users. [ref_id=1]

Affected code

The advisory identifies two source files: `src/login.ts` (the `loginInternal` function writes `.capgo` via `writeFileSync` without symlink checks) and `src/build/credentials.ts` (the `build credentials save --local` path writes `.capgo-credentials.json` via `writeFile` without symlink checks, and the global path `$HOME/.capgo-credentials/credentials.json` is created with permissions 664). [ref_id=1]

What the fix does

The advisory recommends three remediation steps: refuse symlink destinations by using `lstat` + `isSymbolicLink` before writing, enforce safe permissions (0600 for files, 0700 for directories), and write atomically (temp file + rename) after safety checks. Additionally, the advisory suggests deferring the `.capgo` write until after API key validation succeeds, and checking that `.gitignore` is a regular file before appending to it. The patch (version 12.128.2) implements these changes to prevent symlink following and to set restrictive permissions. [ref_id=1]

Preconditions

  • Input: Developer runs the Capgo CLI inside a repository controlled by the attacker
  • Input: Repository contains a symlink named `.capgo` or `.capgo-credentials.json` pointing to an attacker-chosen target
  • Config: For the permissions issue, the credentials file is stored globally and another local user on the shared system can read it

Generated on Jun 22, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
