Hi Chris,
Actually, you can submit a whitelist there. It should follow the same semantics as .gitignore, and gitignore fully supports whitelisting like that:
```
*
!something
!foo.*
```
It's just rarely seen because it's a maintenance burden.
20.12.2013, 05:20, "Chris Winberry" <[email protected]>:
--Hey, htmlparser author here. I got concerned when I heard something malicious might have made its way into the package.
No malice but I will cop to stupidity. A while back (2 years now? wow) I made a quick fix and did not realize I had some vestiges of test data while working on a rewrite. That data was just some website being scraped while validating the parser that did not get cleaned up. Yes, .npmignore is a good idea but it won't prevent random mistakenly created file/folders from sneaking in; would be great if there were a whitelist-type dotfile for npm but I digress...
My apologies for the confusion and alarm. I have pushed up a v1.7.7 that has all that cleaned up.
On Thursday, December 19, 2013 7:27:23 PM UTC-5, Stephen Carnam wrote:Cleared by npm cache and uninstalled/re-installed nodejs just to double check (in case it's my Mac that's infected). Still showing up using npm. Yet it's not in git nor online source browsing. Filed with htmlparser author. I know it's not apart of jQuery core!Thanks for your quick reply :-)
On Thursday, December 19, 2013 4:17:03 PM UTC-8, Rick Waldron wrote:Please file a bug for this http://bugs.jquery.com and probably with https://github.com/tautologistics/node-htmlparserThanksRickOn Thu, Dec 19, 2013 at 7:13 PM, Stephen Carnam <[email protected]> wrote:Noob to nodejs (but not to _javascript_). Today I needed jQuery functionality in a nodewebkit app I'm writing and so I ran "npm install jquery". However, I noticed the following show up in Netbeans as it tracks remote dependencies being referenced now that jQuery is present; these are curiously named:show_ads.jsurchin.jsAnd appear to be coming from a "testdata\trackerchecker.html" page, in a folder along with a bunch of hidden ".tmp" files in the jQuery node_modules dependency, htmlparser version 1.7.6 (the current version is 2.0.0). However, this "testdata" doesn't appear in the current version or archive in github. Further examination is showing that this page is some sort of torrent checker software. What the heck does this have to do with jQuery and does anyone know if it's legit (suspect as it's not in the author's github version)?Is this just a poorly chosen testing document, or does "piratebits" and "pi sexy" have any relevance here?Screenshot attached...
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
