What was the concern that caused the warning in GitHub Actions documentation about setting NODE_OPTIONS?

Çağlar Arlı

In the documentation on GitHub Actions there is a note,

Due to security restrictions, GITHUB_ENV cannot be used to set the NODE_OPTIONS environment variable.

What exploit were they trying to suppress by making this one-off exception? It would seem like generally if you can write to the CI (or change the environment), you

  • already have access to the repo
  • because of this, you have code-execution on the runners

Why would this one-off rule be required?