Closed wesinator closed 5 years ago
Package author displayed based on repository in atom packages settings may not match the actual author/publisher on atom.io, can be spoofed.
Expected behavior: Shows actual author of package based on atom.io author
Actual behavior: Package author is shown as being atom, presumably based on the user in the repository field.
The package repo URL was set to atom - https://github.com/giovazz89/atom-whois/pull/4
Reproduces how often: 💯
macOS
Atom    : 1.34.0
Electron: 2.0.16
Chrome  : 61.0.3163.100
Node    : 8.9.3
apm 2.1.3
@Arcanemagus raised a good point that this can be considered a security issue since obviously this package wasn't published by the Atom team.
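One way to audit for the mismatch described in this issue, as an added example that is not part of the original report or Atom's own code: it derives the owner a UI would display from each package's `repository` field and compares it with a separately trusted publisher record. The function names, package names and the publisher map are hypothetical, and the sample data is constructed.

```javascript
// Owner segment of a package.json "repository" value, or null.
// Accepts the object form, "owner/repo" and "github:owner/repo" shorthand,
// scp-style "git@host:owner/repo.git", and full URLs.
function repoOwner(repository) {
  let spec = repository && typeof repository === 'object' ? repository.url : repository;
  if (typeof spec !== 'string' || spec.trim() === '') return null;
  spec = spec.trim().replace(/^git\+/, '');
  const shorthand = /^(?:[a-z]+:)?([\w.-]+)\/[\w.-]+$/i.exec(spec);
  if (shorthand) return shorthand[1];
  const scp = /^[\w.-]+@[\w.-]+:([\w.-]+)\/[\w.-]+$/.exec(spec);
  if (scp) return scp[1];
  try {
    const parts = new URL(spec).pathname.split('/').filter(Boolean);
    return parts.length >= 2 ? parts[0] : null;
  } catch {
    return null; // not a URL and not a known shorthand
  }
}

// Compare the repository-derived owner with the recorded publisher.
// `publishers` is a Map of package name -> publisher account (assumed to come
// from a source you trust; it is not read from the package itself).
function auditPackages(installed, publishers) {
  return installed.map(({ name, repository }) => {
    const displayed = repoOwner(repository);
    const publisher = publishers.get(name) ?? null;
    let status = 'mismatch';
    if (publisher === null) status = 'unknown-publisher';
    else if (displayed === null) status = 'no-repository-owner';
    else if (displayed.toLowerCase() === publisher.toLowerCase()) status = 'match';
    return { name, displayed, publisher, status };
  });
}

// Constructed sample data (hypothetical packages and accounts).
const SAMPLE_PUBLISHERS = new Map([
  ['example-whois', 'alice-dev'],
  ['example-linter', 'bob-dev'],
]);
const SAMPLE_INSTALLED = [
  { name: 'example-whois', repository: 'https://github.com/atom/example-whois' },
  { name: 'example-linter',
    repository: { type: 'git', url: 'git+https://github.com/Bob-Dev/example-linter.git' } },
  { name: 'example-theme', repository: 'git@github.com:carol/example-theme.git' },
];

for (const row of auditPackages(SAMPLE_INSTALLED, SAMPLE_PUBLISHERS)) {
  console.log(`${row.name}: shown as ${row.displayed}, published by ${row.publisher} -> ${row.status}`);
}
```

Any `mismatch` row is a package whose displayed author comes from a field the publisher controls rather than from the publishing account.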