Hello
Following these articles:
https://www.aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode
https://snyk.io/fr/articles/defending-against-glassworm/
We're working in my organization to detect the potential threats in our tools.
We get 2 critical alerts in the scan results for browser extensions, especially with the vuejs extension:

```
npx anti-trojan-source --files="$HOME/Library/Application Support/Google/Chrome/Profile 1/Extensions/nhdogjmejiglipccpnnnanhbledajbpd/7.7.7_0/client/*.js"
(65 issues) ❌ /$HOME/Library/Application Support/Google/Chrome/Profile 1/Extensions/nhdogjmejiglipccpnnnanhbledajbpd/7.7.7_0/client/index-B-XIiefs.js
(65 issues) ❌ /$HOME/Library/Application Support/Google/Chrome/Profile 1/Extensions/nhdogjmejiglipccpnnnanhbledajbpd/7.7.7_0/client/index-C7XPmmLS.js
┌───────────────── SCAN SUMMARY ─────────────────┐
│ Files Scanned: 2 │
│ Files with Issues: 2 │
│ Total Issues: 130 │
│ Critical: 2 │
│ Warnings: 128 │
└────────────────────────────────────────────────┘
```
When I open one of the two files with vim (to see the bidi unicode characters), I get a weird sequence of characters:

Is it possible to check on your side and tell us if there is no risk in using this extension?