Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Overlay didn't display for a malicious package on NPM!! #148

Closed
baruchiro opened this issue Aug 7, 2023 · 4 comments
Closed

Overlay didn't display for a malicious package on NPM!! #148

baruchiro opened this issue Aug 7, 2023 · 4 comments
Assignees
@aviv1620
Labels
bug Something isn't working good first issue Good for newcomers Waiting for contributor

Comments

@baruchiro
Copy link
Collaborator

Navigate to binarium-crm, you will not see the Overlay extension for npmjs.org.

It is a malicious package, and it is a very important issue.
@baruchiro baruchiro added bug Something isn't working help wanted Extra attention is needed labels Aug 7, 2023
@aviv1620
Copy link
Contributor

aviv1620 commented Aug 7, 2023
edited
Loading

in any page that does not provide a Repository link, The "packageReport" component does not show.
For example:
https://www.npmjs.com/package/@tatumio/api-client
https://www.npmjs.com/package/@pie-lib/drag

page provide VS page not provide:
Untitled

@baruchiro
Copy link
Collaborator Author

Thanks @aviv1620 !

Need to mount Overlay based on another element that always exists.

@baruchiro baruchiro added good first issue Good for newcomers and removed help wanted Extra attention is needed labels Aug 7, 2023
@aviv1620
Copy link
Contributor

aviv1620 commented Aug 7, 2023
edited
Loading

Assignee

@aviv1620 aviv1620 mentioned this issue Aug 7, 2023
Merged
github-merge-queue bot pushed a commit that referenced this issue Aug 10, 2023
@aviv1620 @baruchiro
fix: Overlay didn't display "npmjs" pages that do not contain a repos…
a274b0b 
…itory element (#149)

fix issue 148.
#148

**content.npmjs.js** - mount Overlay based on h3 element title "install"
instead of repository element.
**utils.js** - if the element is not in the page. reject timeout after
10 seconds.
make bugs like this more easy to detect next time.
**.gitignore** - not pull cache and autogenerated files

---------

Co-authored-by: Baruch Odem (Rothkoff) <baruchiro@gmail.com>
@github-actions
Copy link

Hey! This task was taken over a few days ago, but nothing has happened since then. Maybe the current contributor can comment on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aviv1620 aviv1620

Labels
bug Something isn't working good first issue Good for newcomers Waiting for contributor
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@baruchiro @aviv1620