Hey, htmlparser author here. I got concerned when I heard something malicious might have made its way into the package.
No malice but I will cop to stupidity. A while back (2 years now? wow) I made a quick fix and did not realize I had some vestiges of test data while working on a rewrite. That data was just some website being scraped while validating the parser that did not get cleaned up. Yes, .npmignore is a good idea but it won't prevent random mistakenly created file/folders from sneaking in; would be great if there were a whitelist-type dotfile for npm but I digress... My apologies for the confusion and alarm. I have pushed up a v1.7.7 that has all that cleaned up. On Thursday, December 19, 2013 7:27:23 PM UTC-5, Stephen Carnam wrote: > > Cleared by npm cache and uninstalled/re-installed nodejs just to double > check (in case it's my Mac that's infected). Still showing up using npm. > Yet it's not in git nor online source browsing. Filed with htmlparser > author. I know it's not apart of jQuery core! > > Thanks for your quick reply :-) > > On Thursday, December 19, 2013 4:17:03 PM UTC-8, Rick Waldron wrote: >> >> Please file a bug for this http://bugs.jquery.com and probably with >> https://github.com/tautologistics/node-htmlparser >> >> Thanks >> >> Rick >> >> >> On Thu, Dec 19, 2013 at 7:13 PM, Stephen Carnam <[email protected]>wrote: >> >>> Noob to nodejs (but not to JavaScript). Today I needed jQuery >>> functionality in a nodewebkit app I'm writing and so I ran "npm install >>> jquery". However, I noticed the following show up in Netbeans as it tracks >>> remote dependencies being referenced now that jQuery is present; these are >>> curiously named: >>> >>> show_ads.js >>> urchin.js >>> >>> And appear to be coming from a "testdata\trackerchecker.html" page, in a >>> folder along with a bunch of hidden ".tmp" files in the jQuery node_modules >>> dependency, htmlparser version 1.7.6 (the current version is 2.0.0). >>> However, this "testdata" doesn't appear in the current version or archive >>> in github. Further examination is showing that this page is some sort of >>> torrent checker software. What the heck does this have to do with jQuery >>> and does anyone know if it's legit (suspect as it's not in the author's >>> github version)? >>> >>> Is this just a poorly chosen testing document, or does "piratebits" and >>> "pi sexy" have any relevance here? >>> >>> Screenshot attached... >>> >>> >>> <https://lh6.googleusercontent.com/-r6EdHz9Ujho/UrOKyuN8UCI/AAAAAAAAAO0/Leypy8i59vk/s1600/npm.jpg> >>> >>> >>> -- >>> -- >>> Job Board: http://jobs.nodejs.org/ >>> Posting guidelines: >>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >>> You received this message because you are subscribed to the Google >>> Groups "nodejs" group. >>> To post to this group, send email to [email protected] >>> To unsubscribe from this group, send email to >>> [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/nodejs?hl=en?hl=en >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "nodejs" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
