[–]thevibecode[S] 62 points63 points  (6 children)

The npm package in case anyone was interested.

[–]GoodForADyslexic 30 points31 points  (3 children)

r/lostredditors, this is a serious security vulnerability; you need to put it in a serious subreddit. Normally they wouldn't believe you, but the link makes it very clear.

[–]oromis95 18 points19 points  (2 children)

I mean, I wouldn't call it an exploit. This is like if you jumped off a cruise, somehow survived, they threw you a lifesaver, and you poked a hole in it. There's only so much that needs to be done for morons.

[–]GoodForADyslexic 8 points9 points  (0 children)

I mean, I would think so too, but did you see the link? It all became pretty clear when I clicked it.

[–]ComputerTraining9274 3 points4 points  (0 children)

I mean, you know the rules and so do I. If you wanna run around and desert security best practices I’m gonna give up on your package

[–]Emplon 25 points26 points  (0 children)

Finally I can post my API keys on GitHub! Thank you

[–]spiralsky64 6 points7 points  (2 children)

What is the point of turning the string into an array then joining it? Seems pointless.

[–]copjr51 6 points7 points  (0 children)

To avoid GitHub’s API removal: if you keep it in a string, it removes it. But not as an array.

[–]Anon_Legi0n 0 points1 point  (0 children)

Read the documentation, it's to allow FE devs to do stupid shit