Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
nw-flash-trust
Advanced tools
Readme
Cross-platform solution for NW.js and Electron to make your Flash plugins trusted, so they can run smoothly.
NW.js uses local file://
protocol to render pages. Unfortunately, for security reasons Flash Player doesn't like SWFs embedded locally and applies very restrictive policy to them. Such SWF lands in one of two possible local sandboxes, and communication via ExternalInterface is blocked.
Fortunately there is officially supported way of making your local SWF trusted, so previously mentioned restrictions don't apply. Full explanation can be found in Adobe Flash Player Administration Guide.
Long story short: you have to put text file in special directory provided by Flash Player and save to this file paths of SWFs you want to be trusted. This library provides cross-platform API for doing just that.
npm install nw-flash-trust
For simplicity API is fully synchronous. It does a little of I/O, but so little it shouldn't be an issue.
var path = require('path');
var flashTrust = require('nw-flash-trust');
// appName could be any globally unique string containing only
// big and small letters, numbers and chars "-._"
// It specifies name of file where trusted paths will be stored.
// Best practice is to feed it with "name" value from your package.json file.
var appName = 'myApp';
// Initialization and parsing config file for given appName (if already exists).
var trustManager = flashTrust.initSync(appName);
// Alternatively you can provide a custom flash config folder for initialization.
// This is useful for example if you use Atom Electron and a PPAPI flash plugin (like Pepper Flash),
// as the flash config folder in this case would be in the Atom Electron data path folder.
var trustManager = flashTrust.initSync(appName, '/yourApp-data-path/Pepper Data/Shockwave Flash/WritableRoot');
// adds given filepath to trusted locations
// paths must be absolute
trustManager.add(path.resolve('path-to', 'file.swf'));
// whole folders are also allowed
trustManager.add(path.resolve('path-to', 'folder'));
// removes given path from trusted locations
trustManager.remove(path.resolve('path-to', 'file.swf'));
// returns true or false whether given path is trusted or not
var isTrusted = trustManager.isTrusted(path.resolve('path-to', 'file.swf'));
// returns array containing all trusted paths
var list = trustManager.list();
// removes all trusted locations from config file
trustManager.empty();
MIT
FAQs
Flash Player trusted locations manager for NW.js and Atom Electron
The npm package nw-flash-trust receives a total of 11 weekly downloads. As such, nw-flash-trust popularity was classified as not popular.
We found that nw-flash-trust demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.