Use server repository instead of package defined #1119
Description of the Change
Use the repository URL returned from the atom.io server query as the URL of the repository, instead of the one defined by the package itself in its own metadata, to prevent potential for impersonation of other authors.
Potential enhancements to this include making the atom.io server reject package versions where the metadata in the package doesn't agree with the repository the version is coming from. Since this hasn't been in place from the start, though, we need to either purge all packages from atom.io that don't match or implement something within Atom to hide this.
It should now be impossible to impersonate other authors within Atom's search results when submitting a package.
The repository defined in the package's metadata from
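The selection rule this change describes, together with the metadata mismatch check mentioned as a possible enhancement, as an added example (not code from this pull request or from Atom). The response shape (`repository`, `metadata.repository`), the function names and the sample packages are assumptions constructed for illustration.

```javascript
'use strict';

// Reduce the common spellings of a repository to "host/owner/name" so that
// the server's value and the package's own claim can be compared.
function normalizeRepo(repo) {
  const raw = repo && typeof repo === 'object' ? repo.url : repo;
  if (typeof raw !== 'string' || raw.trim() === '') return null;
  let s = raw.trim().replace(/^git\+/, '');
  // npm-style shorthand "owner/name" implies GitHub
  if (/^[\w.-]+\/[\w.-]+$/.test(s)) s = `https://github.com/${s}`;
  // scp-style "git@host:owner/name.git"
  s = s.replace(/^git@([^:]+):/, 'https://$1/');
  let url;
  try { url = new URL(s); } catch (e) { return null; }
  const parts = url.pathname.replace(/\.git$/, '').split('/').filter(Boolean);
  if (parts.length < 2) return null;
  return `${url.hostname}/${parts[0]}/${parts[1]}`.toLowerCase();
}

// Display data always comes from the server-side repository field (assumed
// name); the package-supplied metadata is only compared, never trusted.
function resolveDisplayRepository(serverPackage) {
  const trusted = normalizeRepo(serverPackage.repository);
  const claimed = normalizeRepo((serverPackage.metadata || {}).repository);
  return {
    repository: trusted,
    owner: trusted ? trusted.split('/')[1] : null,
    metadataMismatch: claimed !== null && claimed !== trusted,
  };
}

// Constructed sample responses (hypothetical packages and owners).
const samplePackages = [
  { name: 'honest-pkg',
    repository: { type: 'git', url: 'https://github.com/alice/honest-pkg' },
    metadata: { repository: 'git+https://github.com/Alice/honest-pkg.git' } },
  { name: 'mismatched-pkg',
    repository: { type: 'git', url: 'https://github.com/bob/mismatched-pkg' },
    metadata: { repository: 'example-org/well-known-pkg' } },
];

for (const pkg of samplePackages) {
  const r = resolveDisplayRepository(pkg);
  console.log(`${pkg.name}: show owner "${r.owner}", mismatch=${r.metadataMismatch}`);
}
```
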