search

transitive-bullshit / chatgpt-twitter-bot

Twitter bot powered by OpenAI's ChatGPT API. It's aliveeeee 🤖
https://twitter.com/ChatGPTBot
MIT License
735 stars 98 forks source link

WIP testing workarounds for cloudflare protections #5

Closed transitive-bullshit closed 1 year ago

transitive-bullshit commented 1 year ago

See https://github.com/transitive-bullshit/chatgpt-api/issues/96

So far, none of my attempts have been stable.

socket-security[bot] commented 1 year ago

Socket Security Pull Request Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package Script field Source
playwright@1.28.1 (added) install package.json
😵‍💫 Bin script confusion

This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack

Consider removing one of the conflicting packages. Packages should only export bin scripts with their name

Package Bin script Source
@playwright/test@1.28.1 (added) playwright package.json via chatgpt-token@0.0.1
playwright@1.28.1 (added) playwright package.json
playwright-core@1.28.1 (added) playwright package.json via playwright@1.28.1
Pull request report summary
Issue Status
Install scripts ⚠️ 1 issue
Native code ✅ 0 issues
Bin script confusion ⚠️ 3 issues
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues
Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

  • @SocketSecurity ignore playwright@1.28.1
  • @SocketSecurity ignore @playwright/test@1.28.1
  • @SocketSecurity ignore playwright-core@1.28.1

⚠️ Please accept the latest app permissions to ensure bot commands work properly. Accept the new permissions here.

Powered by socket.dev