search

PurpleTurtleCreative / website

Official WordPress website of Purple Turtle Creative.
https://purpleturtlecreative.com/
1 stars 0 forks source link

Completionist's node_modules not properly excluded in recent Completionist Pro update #19

Closed MichelleBlanchette closed 3 weeks ago

MichelleBlanchette commented 3 weeks ago

WordFence reported a malicious code file within Completionist Pro's files... 🫠

Completionist's node_modules should never be included in releases. I know I was having a struggle when updating Completionist Pro for the website during this most recent deployment. Hopefully the recent release of Completionist Pro isn't affected, but it should also be reviewed and corrected if so.

Critical Problems:

  • File contains suspected malware URL: wp-content/plugins/completionist-pro/lite/completionist/node_modules/third-party-web/lib/snapshots/index.test.js.snap

The malicious URL matched image

MichelleBlanchette commented 3 weeks ago

Hm... I'm still seeing an issue, but I think I found the error in the GitHub Action run:

sed: can't read completionist-pro/lite/completionist/.distignore: No such file or directory

Screenshot 2024-10-19 at 12 05 15 AM
MichelleBlanchette commented 3 weeks ago

MUCH better 😃

Screenshot 2024-10-19 at 10 33 33 AM