Adyen / adyen-cse-web

[DEPRECATED] Client-side encryption on JavaScript
MIT License

Resolve the NPM question name #79

Closed jotafeldmann closed 5 years ago

jotafeldmann commented 5 years ago

Guys,

1) I was blindly trying to install the Adyen solution, just using the same repository name in NPM: npm install adyen-cse-web.

2) So, the result was that nothing was installed;

3) After checking the README:

Node module
Add to your package.json:

"dependencies": {
  "adyen-cse-web": "git+https://github.com/Adyen/adyen-cse-web.git#v0.1.XX"
}

My question here is: is it possible for some cracker to steal the NPM namespace and do bad things? Imagine that, afterwards, another developer blindly goes to step 1.

So I checked the NPM registry for adyen-cse-web and there's no registry.

The news is: I registered the adyen-cse-web repository, pointing to one of my dummy repositories.

Please, someone from Adyen make contact with me to:

1) Take control of the repository and; 2) Correct or change the NPM registry.

jotafeldmann commented 5 years ago

One more thing: there are some requests about that NPM namespace issue: https://github.com/Adyen/adyen-cse-web/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+npm

Trigalti commented 5 years ago

Hey jotafeldmann, thanks for contacting us and registering the NPM repository. We will take care of it, how may I reach you?

jotafeldmann commented 5 years ago

@Trigalti: you can reach me by the same contact at ZenDesk's support ticket #488047.

mastermatt commented 5 years ago

Note that for the last two years NPM has hosted https://www.npmjs.com/package/adyen-cse-js which points to this repo and seems to host v0.1.19 without any malicious additions.

Thank you @jotafeldmann for doing this. Adyen please publish under an official account and ask https://www.npmjs.com/~newage to remove their package.

jotafeldmann commented 5 years ago

@Trigalti @mastermatt after email contact by Mr Kohei, I've invited adyencom @ NPM to be a maintainer and started the process to transfer.

jotafeldmann commented 5 years ago

I'll wait to complete the transfer and then close the issue.

Trigalti commented 5 years ago

@jotafeldmann Thanks a lot. @mastermatt will do.

jotafeldmann commented 5 years ago

@Trigalti @mastermatt,

Today (29th November 2018) I don't have access to the adyen-cse-web package on NPM. So I'm assuming that my access was revoked by the adyencom user.

Then, I tried to install adyen-cse-web and the response is:

npm install adyen-cse-web
npm ERR! code ENOVERSIONS
npm ERR! No valid versions available for adyen-cse-web

With that behavior, I'm assuming that Adyen is controlling the repository and preventing any future problems in that matter. Finally, I'm closing that issue.

Thanks for the attention.
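
The situation discussed in this thread, a dependency installed from a git URL while the same name is unclaimed or owned by someone else on the npm registry, can be audited from a project's own package.json. This is an added example, not part of the original thread and not Adyen's code; the function names, the registry snapshot shape and all sample data are assumptions constructed for illustration.

```javascript
// Added example; all sample data below is constructed.
const GIT_SPEC = /^(git\+(https?|ssh)|git):\/\/|^github:/;

// Reduce a git dependency spec or repository URL to "host/owner/repo".
function normalizeRepo(url) {
  return url.toLowerCase()
    .replace(/^git\+/, "")
    .replace(/^github:/, "https://github.com/")
    .replace(/^[a-z]+:\/\//, "")
    .replace(/^[^@\/]+@/, "")   // drop "git@" style user info
    .replace(/#.*$/, "")        // drop the pinned tag or commit
    .replace(/\.git$/, "");
}

// registry: Map of name -> { versions, repository }; a missing key means the
// name is unclaimed. The shape is an assumption modelled on `npm view --json`.
function auditGitDependencies(pkg, registry) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!GIT_SPEC.test(spec)) continue; // only git-sourced dependencies matter here
      const entry = registry.get(name);
      let status;
      if (entry == null) status = "UNCLAIMED";                      // anyone may register the name
      else if (entry.versions.length === 0) status = "PLACEHOLDER"; // claimed, install fails (ENOVERSIONS)
      else if (normalizeRepo(entry.repository || "") === normalizeRepo(spec)) status = "MATCHES_SOURCE";
      else status = "FOREIGN_PACKAGE"; // a bare `npm install <name>` fetches third-party code
      findings.push({ name, field, status });
    }
  }
  return findings;
}

const samplePackageJson = {
  dependencies: {
    "adyen-cse-web": "git+https://github.com/Adyen/adyen-cse-web.git#v0.1.XX",
    "example-lib": "^1.3.0", // hypothetical registry dependency, skipped by the audit
  },
};
// Three constructed registry states for the same name.
const registryStates = {
  unclaimed: new Map(),
  foreign: new Map([["adyen-cse-web",
    { versions: ["1.0.0"], repository: "https://github.com/example-user/dummy.git" }]]),
  reserved: new Map([["adyen-cse-web", { versions: [], repository: "" }]]),
};
for (const [label, registry] of Object.entries(registryStates)) {
  console.log(label, auditGitDependencies(samplePackageJson, registry));
}
```

UNCLAIMED and FOREIGN_PACKAGE are the findings to act on: either reserve the name under the owning organisation's account or make sure install instructions never suggest the bare name.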