Open warrenbhw opened 2 months ago
cc @ericfennis - created this thread as follow-up on discussion in the other issue thread here.
Just had this issue as well, became quite worried that this package had included a data logger. So yeah we can resolve this issue by disabling adblock on our machines for localhost, but to ask our customers to do it..
So might just end up not using this package :/
Package
Description
TL;DR: Popular ad blockers such as uBlock, uBlock Origin, and AdBlock try to prevent the loading of tracking scripts, which may include a "fingerprinting" module such as https://fingerprint.com/.
In some cases, the Fingerprint icon in Lucide is served as /fingerprint.js, which triggers ad blockers to block requests from the same origin or disable javascript on the page, breaking applications.
My proposal is to rename the Fingerprint icon to something like Thumbprint (note: this one runs some risk of being flagged as well, but probably safe), Fingermark, Fingerpad, Thumbmark, Blot, Blotch, or Smudge.
Longer explanation
see previous discussion of this issue here: https://github.com/lucide-icons/lucide/issues/1675
In some frameworks (ex. the standard Vite setup for SolidJS), the Fingerprint icon will be served to the browser as
/fingerprint*
.Ad blockers see the keyword "fingerprint", which in this case is simply a reference the lucide Fingerprint icon, and assume that this is a fingerprinting script, rather than a literal SVG in the shape of a human fingerprint. As a result, blockers may attempt to disable Javascript on the page or block requests sent to that fingerprint script origin, which causes the app to fail.
Not all application frameworks or environments will have this issue, because they do one of these things:
Because of these mitigating factors, the primary case where this has been observed is when running a SolidJS/SolidStart app in dev mode, as there is likely no tree shaking. However (pending validation), I think there are cases in which this could impact production Solid apps and perhaps other frameworks.
Assuming that I have the correct diagnosis, here are some possible solutions:
Use cases
Avoid breaking my SolidJS app in dev (or in prod if I actually use the Fingerprint icon).
Checklist