Why is a Shockwave Flash SWF file included and then triggering macOS ransomewhere alerts? #843

Open
OKNoah opened this issue Jan 15, 2021 · 7 comments

@OKNoah

OKNoah commented Jan 15, 2021

Screen Shot 2021-01-14 at 4 58 21 PM

This is after doing npx expo install.

@davidlehn
Member

I'm not sure what that warning image is even saying. Is it saying node locked those files? What does that mean in this case? Just a regular file lock or is this tool saying it's doing something evil? Does that even have anything to do with the files that are being locked like the swf?

That old flash support was there to do raw socket connections in a browser. Now that flash has fallen out of favor, it's not of much use anymore.

Assuming the swf file hasn't been modified, it should be safe. The 4+ year old code and prebuilt swf are available in the flash/ dir. You could rebuild it yourself if the toolchain still works.

You might want to contact your scanner vendor and ask them why this is happening.

@OKNoah
Author

OKNoah commented Jan 16, 2021

I assumed this was macOS, but maybe ReiKey or Clamxav

@mehboob-alam81

Any update? Adobe has sunset Flash for security risk. Any reason why this module still exists/needed?
https://www.adobe.com/products/flashplayer/end-of-life.html
.."After the EOL Date, Adobe will not issue Flash Player updates or security patches. Adobe strongly recommends immediately uninstalling Flash Player. To help secure your system, Adobe blocked Flash content from running in Flash Player beginning January 12, 2021. Major browser vendors have disabled and will continue to disable Flash Player from running."

@SMBurrows

+1
detected SocketPool.swf as a Trojan

@mohiteng

+1
detected SocketPool.swf as a Trojan

@yeukhon
Copy link

yeukhon commented Jan 25, 2023

@davidlehn would you be open if I create a PR and drop the support of this entirely? I think many enterprise security monitoring tools generally flag these. I'd rather not fork and maintain this as node-forge is used by popular tools like webpack server.

@davidlehn
Member

There is no trojan or malicious code here at all. It's a shame that security scanner tools are buggy and think there are issues. That being said, I suppose it is time to drop the flash bits. Hard to tell if anyone still uses the flash support. I assume very few projects, if any, still do. I think the way to update is to leave the flash files in the source repo, stop shipping in the npm package, update docs and so on explaining the issue, and release a major update.
