Closed albertwangnz closed 1 year ago
The styled-components
package has an Unintended Behavior. The postinstall.js
file looks for users using a ru
time-zone to show a political protest message using the console.warn()
function. Also, the absence of this file in the 5.3.4 version causes a crash when the package is installed.
Hi @ken-duck sorry to bother you again. About [The postinstall.js file looks for users using a ru time-zone to show a political protest message using the console.warn() function.].
I cannot find the file [postinstall.js] on their GitHub https://github.com/styled-components/styled-components. Do you know where the file locates?
Thank you.
@albertwangnz - here is the file: https://github.com/styled-components/styled-components/blob/legacy-v5/packages/styled-components/postinstall.js on the legacy-v5 branch
@albertwangnz - here is the file: https://github.com/styled-components/styled-components/blob/legacy-v5/packages/styled-components/postinstall.js on the legacy-v5 branch
Thanks, @drewheasman , I now also see the file on the other v5 tags, like v5.3.6.
I can find the Unintended Behavior code so I will close the issue here. Thank you.
Vulnerability URL
Component URL
Description OSSINDEX reports the vulnerability [sonatype-2022-2249 - The application contains code that appears to be malicious in nature] in styled-components. It provides the reference.
However, there is no related information in the reference.
Can anybody explain the issue?
Thank you.