Closed pdehaan closed 6 years ago
I'm semi-confused... Looks like the blurts-addon uses "MailRu.svg" but the blurts-server uses "MailRU.svg".
mozilla/blurts-addon ./src/PwnedLogos/MailRu.svg
versus
mozilla/blurts-server ./public/img/logos/MailRU.svg
Figure 1: https://monitor.firefox.com/?breach=MailRu
versus
Since the blurts-addon repo has a ./package.json file (and a breaches.json file and all the embedded logos, etc), I'm really starting to wonder if we should just mark the add-on as a dependency of the blurts-server and then have some postinstall script which copies over all the assets from the ./node_modules/blurts-addon/ folder.
I think this is the only offending file... I did an $ npm i mozilla/blurts-addon mozilla/blurts-server in a dummy project and apart from the one logo, the files seem in sync:
const fs = require("fs");
const addonLogos = fs.readdirSync("./node_modules/blurts-addon/src/PwnedLogos/")
.filter(file => !file.startsWith("."));
const serverLogos = fs.readdirSync("./node_modules/blurts-server/public/img/logos/")
.filter(file => !file.startsWith("."));
const addonNotServer = addonLogos.filter(logo => !serverLogos.includes(logo));
console.log("Add-on, but not Server:", addonNotServer);
const serverNotAddon = serverLogos.filter(logo => !addonLogos.includes(logo));
console.log("Server, but not Add-on:", serverNotAddon);
/* OUTPUT:
Add-on, but not Server: [ 'MailRu.svg' ]
Server, but not Add-on: [ 'MailRU.svg' ]
*/
via Devtools console when searching https://monitor.firefox.com/scan for "test@example.com".
Oddly, it looks like the file is there, but possibly a case sensitivity issue:
And here's the latest breach data from HIBP: