Runbook: Dependency Attack
Security Specialist, Operations & Strategy, DevOps
Stub runbook. Customize with your package management and build procedures.
Quick Reference
| Field | Value |
|---|---|
| Typical Severity | P1 |
| Primary Responder | Frontend SME |
| Last Updated | [Date] |
| Owner | [Name] |
Identification
Symptoms
- Unexpected behavior after dependency update
- Security advisory for a package you use
- Malicious code found in node_modules or similar
- Lockfile changes you didn't make
Confirm Dependency Attack

```bash
npm audit
# or
yarn audit
```

Check for recent lockfile changes in git history, for example `git log -p -- package-lock.json yarn.lock`. Note that `npm audit` and `yarn audit` only report packages that already have a published advisory; a freshly compromised package version will not show up until one exists. An unexplained lockfile change, a `resolved` URL that points away from your registry, or a changed `integrity` hash for an unchanged version is evidence on its own.
Immediate Actions
- Take down site to stop serving malicious code
- Identify the malicious package, the exact version, and the commit that introduced it into the lockfile
- Treat secrets available to any machine or CI job that installed the package (registry tokens, deploy keys, cloud credentials) as exposed and rotate them; install scripts run with the installing user's access
- Pin dependencies to the last known good versions (a lockfile from before the change)
- Rebuild from a clean environment, not from an existing node_modules or build cache
Mitigation
- Remove or replace malicious package
- Update lockfile with known good versions
- Rebuild using `npm ci` or `yarn --frozen-lockfile`, so the install fails if the lockfile and manifest disagree instead of silently updating the lockfile
- Redeploy verified build
Prevention
- Use lockfiles and commit them
- Use `npm ci` / `yarn --frozen-lockfile` in CI
- Regularly audit dependencies
- Consider using a private registry
- Pin exact versions for critical packages
- Review dependency changes in PRs