search

alexfernandez / loadtest

Runs a load test on the selected URL. Fast and easy to use. Can be integrated in your own workflow using the API.
MIT License
2.55k stars 206 forks source link

Displaying political slogans after installing loadtest #207

Closed rudimadima closed 11 months ago

rudimadima commented 1 year ago

loadtest has es5-ext dependency, which show political text after loadtest installation. This is very harmful to the open-source software community. The program does what it shouldn't do.

alexfernandez commented 1 year ago

Just installed loadtest locally, I see no messages at all:

$ npm i loadtest

added 31 packages, and audited 32 packages in 4s

1 package is looking for funding
  run `npm fund` for details

found 0 vulnerabilities

Care to give more details?

rudimadima commented 1 year ago

Source: https://github.com/medikoo/es5-ext/blob/main/_postinstall.js

if (
        [
            "Asia/Anadyr", "Asia/Barnaul", "Asia/Chita", "Asia/Irkutsk", "Asia/Kamchatka",
            "Asia/Khandyga", "Asia/Krasnoyarsk", "Asia/Magadan", "Asia/Novokuznetsk",
            "Asia/Novosibirsk", "Asia/Omsk", "Asia/Sakhalin", "Asia/Srednekolymsk", "Asia/Tomsk",
            "Asia/Ust-Nera", "Asia/Vladivostok", "Asia/Yakutsk", "Asia/Yekaterinburg",
            "Europe/Astrakhan", "Europe/Kaliningrad", "Europe/Kirov", "Europe/Moscow",
            "Europe/Samara", "Europe/Saratov", "Europe/Simferopol", "Europe/Ulyanovsk",
            "Europe/Volgograd", "W-SU"
        ].indexOf(new Intl.DateTimeFormat().resolvedOptions().timeZone) === -1
    ) {
        return;
    }
bellegarde-c commented 1 year ago

@rudimadima What is the issue? I do not see Political, just facts.

rudimadima commented 1 year ago

@bellegarde-c , you don't see the message because your time zone is not included in the corresponding list. I posted the link above. es5-ext - this is dependency of loadtest.

alexfernandez commented 1 year ago

I see the issue now. I am afraid that es5-ext is not a direct dependency on loadtest, but it is loaded by websocket which is a direct dependency of loadtest. So I suggest you bring the issue up with the websocket creators, as I don't want to lose the websocket functionality. You can also send a PR with an alternative dependency.

bellegarde-c commented 1 year ago

@bellegarde-c , you don't see the message because your time zone is not included in the corresponding list. I posted the link above. es5-ext - this is dependency of loadtest.

I see the messages, translated them and only see facts.

alexfernandez commented 11 months ago

Closing this issue, please send a patch or move to discussions.