-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is this package malware? #20
Comments
It’s the compressed (customs format) utf-8 data for ENS normalization. :) |
I can add comments to those blobs however I'm not sure if the The base64-encoded payloads are built by src/make.js. From my tests, this technique beats gzip even with the overhead of including the decompressor. I can add checksum hashes to each for extra assurance. I've looked at a lot of Unicode-related libraries and nearly all of them include magic files and exotic build scripts. They're also very fragile in the sense they're almost impossible to safely tweak. This project is both end-to-end and designed for easy experimentation. If you clone the repo, you should be able to derive the entire spec and build the library, starting from the raw ingredients (Unicode files + ENS Rules) by following the readme instructions . Clone-to-built should take less than a minute. You can even go a step further, delete the Unicode data, and download it yourself. A fresh build should reproduce the spec hash found in my build. The build process also embeds all of the source information in src/include-versions.js. |
Yes, they are. I audit code. I did not download your repo. I downloaded ethers, non-minified. I see this base64 stuff that's impossible to decrypt without spending a few hours. It definitely feels like malware. So, again, the comments are needed and they would help. What is the specific build size win you're getting from this technique?
This could help, but the comments are still needed, with detailed steps on how to reproduce it, links to README, etc. |
Yes, that's much better. |
These changes went live in 1.9.4 |
Probably not, but why are you having this code?
This looks very similar to something malware would do. There are no comments or a description of this code.
If this is not malware, you should really add some comments.
The text was updated successfully, but these errors were encountered: