Roo Code npm Install Command Auto-Approval Vulnerability Allowing Arbitrary Code Execution

A vulnerability in Roo Code versions through 3.25.23 allows for arbitrary code execution via malicious postinstall scripts in package.json files. The issue arises because npm install is included in a default list of commands that can be auto-approved, bypassing manual oversight. When a user opens a repository with a harmful postinstall script, the script is executed automatically, potentially leading to exploitation.

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the user's system.

Reproduction

To reproduce this vulnerability, enable the auto-approve feature in the Roo Code extension. Then, open a repository that contains a package.json file with a malicious postinstall script. The npm install command will be executed automatically, without user approval, allowing the postinstall script to run and potentially execute arbitrary code.

Remediation

Users can update to Roo Code version 3.26.0 or later, where this vulnerability has been fixed. The update removes dangerous commands from the default auto-approve allowlist and ensures that these commands are no longer permitted after the extension is updated.