Matt Cowley

The temptation to leave tech and run away to some charity in the countryside doing good for the world increases evermore each day.

@ryanmr @HenkPoley Matthew is one of Astro's founders, I believe? But either way, at least it is in an org now where multiple folks have control instead of a single person. And yeh, agree, don't understand why this needs to be installed every time rather than being optional for just that feature.

@MattIPv4 @HenkPoley I appreciate it's in an good org now. Supply chains slightly more resilient now. Is that Matthew part of Astro's team? Still not sure why wrangler needs to manage skills.

👀 Cloudflare's wrangler CLI (~20m installs/week) has a new dependency... a ~600kb WASM binary used by no other package on npm: `rosie-skills`. I've been told that it is a legitimate package published by an employee, but it really looks like the start of a supply chain attack...

@martindonadieu @paxaral Eh, it's slightly better, there are multiple folks there with control, it isn't tied to a single person.

@MattIPv4 @paxaral The Astro org is owned by the exact same guy if you think that is better you are a fool

@sdrth @Cloudflare Or pin the version they install (which I’ve been told they’re now going to do), or make the dependency entirely optional because does everyone really need a large binary to manage agent skills when they’re using wrangler to deploy stuff?

@MattIPv4 Why wouldn’t @cloudflare just vendor it in?

@tomaszs2 Not great. We were ignored on Discord the day before when raising concerns. So, filed the issue and tweeted the next day. Was surprised to see them dismiss the concerns in the issue and immediately lock it. Had to reach out on Discord again where they finally realised the risk.

@MattIPv4 How do you perceive how it was handled?

@leilavclark Good news is that Cloudflare confirmed it is github.com/withastro/rosie, and the binary is legit. Haven’t yet got clarification on why a large binary to manage agent skills is required for every install of wrangler though.

@MattIPv4 wasm? then it’s real lol

@martindonadieu @paxaral Who the author is doesn’t really change the risk, any employee with sole access to a package that ships a compiled binary could go rogue if they wanted to ship an update with malicious code hidden in it. Luckily, they’ve now moved the package into the Astro org to prevent that.

@paxaral @MattIPv4 Random ?😂 it’s the co creator of Astro 😂😂

@yuvadm @aethernet_port @BenjaminEHowe They confirmed that it is github.com/withastro/rosie, something for managing agent skills, but they have not explained why it is a required dependency for every wrangler install.

@MattIPv4 @aethernet_port @BenjaminEHowe Did they ever explain what this dependency actually is?

@HenkPoley @ryanmr Yeh, they’ve moved it into the Astro org as a follow up to this, so it is no longer controlled by a single employee.

@ryanmr @MattIPv4 Somehow that redirects to github.com/withastro/rosie ('withastro') for me.

@aethernet_port @BenjaminEHowe > they unlocked it when I replied The issue has been locked since I posted it, and they initially replied. They haven't unlocked it (hence I had to contact them via Discord for further discussion).

@BenjaminEHowe @MattIPv4 I think there were more clarifying responses + they unlocked it when I replied vs when you did :-) I understand your reaction

@alkimiadev @ryanmr Agree with your thinking on this. I have asked if this dependency actually needs to be a required dependency -- I can't see why everyone using wrangler to deploy their stuff needs to manage agent skills -- or whether this can be an optional dependency for just that feature.

@MattIPv4 @ryanmr I'm kind of a hard core minimalist when it comes to code. Throwing more code at a problem usually just makes things worse on several levels. Each line of code should explicitly justify its existence and if it can't then it should be removed since it is clearly unnecessary.

@aethernet_port @BenjaminEHowe I wouldn't say they were unfriendly, but they were rather dismissive and immediately locked the issue. I had to then reach out to them via Discord to explain the issue further before they understood and acknowledged how this could become a supply chain attack.

@BenjaminEHowe @MattIPv4 Looks like a friendly response to me

@dok2001 @loadingalias @danielhayesmith Thank you! Hopefully it can be made an optional dependency as well, I can’t imagine most folks using wrangler to deploy things need a tool for managing agent skills.

@loadingalias @MattIPv4 @danielhayesmith It's being moved to Astro org.

@bygregorr That’s all the justification they’ve given so far, and linked to the source repo in the GitHub repo.

@MattIPv4 wait, has anyone actually decompiled the 600kb binary yet, or is 'employee published it' where the audit stopped

@loadingalias @danielhayesmith @dok2001 The update I got on Discord is that they’re planning to pin it, but I haven’t heard concrete plans beyond that yet, though from the GitHub issue it sounds like they’re exploring reducing the size by replacing the WASM binary with a JS implementation, so we’ll see.

@MattIPv4 @danielhayesmith @dok2001 Did they say they would address it or what? I don’t play supply chain games and this stinks, IMO.

@danielhayesmith @dok2001 Cloudflare have confirmed in the GitHub issue that it is a legitimate dependency. However, not sure they’ve fully understood the risk is still there as this employee could later use this as a backdrop by publishing a new version, say if they were to be laid off…

@MattIPv4 @dok2001 can you verify?

@ryanmr Yeh, it is indeed a WASM version of that embedded into wrangler. Even knowing the author, still seems like such a risk to rely on a large binary shipped by a single employee. If they get laid-off and aren’t happy, they have a direct backdoor into every wrangler install…

@MattIPv4 Based on the name, I had guessed it was this github.com/matthewp/rosie . I am surprised it's embedded into wrangler

@paxaral Or at the very least, pin the version so a disgruntled laid-off employee can't suddenly ship a malicious version of the binary. I followed up with the team via Discord as they locked the GitHub issue 🙄, and it sounds like they've realised this risk now and are going to pin it.

@MattIPv4 Yeah even if it is real, I don’t want my wrangler CLI depending on random employee packages anyways. Fold it in and duplicate the code, to minimize any supply chain exposure

@awsdevelopers @UberEats

what do these two colors remind you of?