Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Does react-scripts start execute 'Powershell -encodedCommand'? #9530

Closed
chfw opened this issue Aug 24, 2020 · 0 comments
Closed

Does react-scripts start execute 'Powershell -encodedCommand'? #9530

chfw opened this issue Aug 24, 2020 · 0 comments
Labels
needs triage

Comments

@chfw
Copy link

chfw commented Aug 24, 2020

Someone in information security claim that when 'npm start' in git bash shell under Windows OS, 'powershell -encodedcommand ...' was executed, which will bring up security alerts!

Hence, I would like to know if this is really true? And what is full command done by powershell?

why is 'Powershell -encodedCommand' a problem? it allows you to execute a command that escapes audit.
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
needs triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chfw