tunnckoCore / opensource

Delivering delightful digital solutions. Monorepo of monorepos of Open Source packages with combined ~100M/month downloads, semantically versioned following @conventional-commits. Fully powered ES Modules, @Airbnb @ESLint + @Prettier, independent & fixed versioning. Quality with @Actions, CodeQL, & Dependabot.
https://tunnckocore.com/opensource

Remove test files from the npm package! F-Secure warning #240

Open Havunen opened 4 days ago

Havunen commented 4 days ago

https://github.com/koajs/body-parsers/issues/89

The dependency chain seems to be the following:

"koa-better-body": "^3.3.9",

Loads "koa-body-parsers": "tunnckocore/body-parsers#patch-1"

which seems to be hosted here:

https://github.com/tunnckoCore/body-parsers/tree/patch-1

and it contains a test file shipped in the npm package.

Note: Koa-better-body is targeting koa-body-parser 3.1.0. Is that still needed? Could it be updated to the official v5?
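
An added example, not part of the thread or of the project's code: one way to audit a manifest for dependencies that resolve outside the npm registry (such as the `tunnckocore/body-parsers#patch-1` spec quoted above) and to flag test files in a package's file list. The sample manifest, the file list and the test-path patterns are constructed assumptions.

```javascript
// Added example (not from the issue): audit a manifest for dependencies that
// resolve outside the npm registry, and a file list for shipped test files.

// Classify an npm dependency spec by where it is fetched from.
function classifySpec(spec) {
  if (/^(git\+|git:|github:|gitlab:|bitbucket:|gist:)/i.test(spec)) return 'git';
  if (/^https?:\/\//i.test(spec)) return 'url';
  if (/^(file:|\.{0,2}\/|~\/)/.test(spec)) return 'file';
  // GitHub shorthand "owner/repo", optionally followed by "#commit-ish"
  if (/^[\w.-]+\/[\w.-]+(#.+)?$/.test(spec)) return 'git';
  return 'registry'; // semver range, dist-tag or npm: alias
}

// List every non-registry dependency; `pinned` is true only for a full commit
// SHA, because a branch or tag ref can change content with no version bump.
function auditDependencies(pkg) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const source = classifySpec(spec);
      if (source === 'registry') continue;
      const hash = spec.indexOf('#');
      const pinned = hash !== -1 && /^[0-9a-f]{40}$/i.test(spec.slice(hash + 1));
      findings.push({ field, name, spec, source, pinned });
    }
  }
  return findings;
}

// Paths that look like tests or fixtures (heuristic, assumed patterns).
const TEST_PATH = /(^|\/)(tests?|__tests__|fixtures)\/|(^|\/)test\.[cm]?js$|\.(test|spec)\.[cm]?[jt]sx?$/i;
function findTestFiles(files) {
  return files.filter((f) => TEST_PATH.test(f));
}

// Constructed sample manifest; the git spec is the one quoted in the issue.
const samplePkg = {
  name: 'sample-package',
  dependencies: {
    'koa-body-parsers': 'tunnckocore/body-parsers#patch-1',
    'sample-registry-dep': '^1.2.3',
  },
};
// Constructed file list, e.g. as reported by `npm pack --dry-run`.
const sampleFiles = ['package.json', 'index.js', 'test.js', 'test/fixtures/upload.bin'];

console.log(auditDependencies(samplePkg));
console.log(findTestFiles(sampleFiles));
```

Restricting the published set with the `files` field in package.json, or with an `.npmignore`, keeps test files out of the tarball.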

Havunen commented 4 days ago

https://www.f-secure.com/v-descs/trojan-downloader-js-maljas.shtml

Trojan-Downloader:JS/MalJas | F-Secure Labs
Technical details and removal instructions for programs and files detected by F-Secure products.

tunnckoCore commented 3 days ago

@Havunen hey there. Sorry for that. I'm not using koa much in recent years and I have to catch up and update them. There was a reason why I specifically used my patch; I have to review the v5.