Pin GitHub Actions Deps to Avoid Axios Supply Chain Attacks
OpenAI's macOS signing cert exposed via malicious Axios npm package in GitHub Actions; rotate certs, pin to commit hashes, set minimumReleaseAge—no user data lost.
Secure CI/CD Against Supply Chain Attacks
A North Korean actor compromised Axios npm library (v1.14.1) on March 31, 2026, as part of a broad attack. OpenAI's GitHub Actions workflow for macOS app signing (ChatGPT Desktop, Codex App/CLI, Atlas) downloaded and ran the malicious version, exposing signing certificates and notarization materials. Root cause: using floating tag instead of specific commit hash and lacking minimumReleaseAge config, allowing instant malicious package pulls.
Key lesson: Always pin dependencies to commit hashes in GitHub Actions (e.g., avoid @latest or tags) and enforce minimumReleaseAge to delay new package adoption, blocking rapid supply chain exploits. OpenAI confirmed no cert exfiltration due to workflow timing and mitigations, but rotated anyway—no evidence of data breach, IP theft, or tampered software.
Proactive Cert Rotation and Apple Coordination
OpenAI engaged forensics firm, revoked old cert, issued new builds, and collaborated with Apple to block new notarizations using prior cert. Reviewed all notarizations: all expected, no unauthorized apps. Post-revocation (May 8, 2026), macOS blocks old-signed app launches/downloads unless bypassed.
Trade-off: Delayed full revocation 30 days to avoid disrupting users, monitoring for misuse. Result: New fake OpenAI apps would lack notarization and fail Gatekeeper by default, minimizing risk during transition.
User Impact: Update macOS Apps Now
Only macOS affected (iOS/Android/Linux/Windows/web safe). Pre-May 8 versions lose support/updates:
- ChatGPT Desktop: <1.2026.051
- Codex App: <26.406.40811
- Codex CLI: <0.119.0
- Atlas: <1.2026.84.2
Update via in-app or official links: ChatGPT, Codex, Codex CLI, Atlas. Avoid third-party sources to prevent phishing. No password/API key changes needed.