sweetalert2-neutral
Advanced tools
A beautiful, responsive, customizable and accessible (WAI-ARIA) replacement for JavaScript's popup boxes, supported fork of sweetalert. Neutral version without 'protest-ware' features / spyware.
This drop-in Swal2 replacement removes recent ongoing protestware "features" forcing Limonte's political views upon end-users, breaking automated tests and causing other harm along the way.
Original library is now "prohibited" to use in certain countries. This is however stated only in the readme, not in the license you obtain the source with and therefore probably isn't legally binding. For users with navigator.location matching ru, su or рф the original library now aggressively replaces the entire page content with Limonte's political messages.
See: https://security.snyk.io/vuln/SNYK-JS-SWEETALERT2-2774674, https://github.com/sweetalert2/sweetalert2/pull/2462
Harm done by the original library: https://github.com/sweetalert2/sweetalert2/issues/2568, https://github.com/sweetalert2/sweetalert2/issues/2561, https://github.com/sweetalert2/sweetalert2/issues/2560, https://github.com/sweetalert2/sweetalert2/issues/2552
Install:
npm i sweetalert2-neutral
If using imports, replace:
- import Swal from 'sweetalert2';
+ import Swal from 'sweetalert2-neutral';
or use pre-built binaries.
I am a Russian citizen, should I merge to Swal2-NEUTRAL?
Most certainly. Currently you could (in theory) end up in prison up for 20 years. See the law.
Limonte acknowledged this with sarcasm about npm ecosystem security.
I am a non-Russian citizen, should I merge to Swal2-NEUTRAL?
Most certainly. By merging you will mitigate the 10% chance of unwanted HTML being injected to your site. your entire page content being overwriten. See this issue or this one for the confusion this can create.
I want to have anti-war messages displayed on my site, should I merge to Swal2-NEUTRAL?
Most certainly. By merging you can decide which anti-war messages you want to display, instead of relying on volatile & abruptly changing implementation by Limonte.
Are there any other changes apart from removing "anti-war" messages?
No.
Are there any other benefits apart from unwanted banners not showing up on my site?
Yes, the library is ~5% smaller, thus less traffic is used and your site loads faster.
How do I migrate to Swal2-NEUTRAL?
npm uninstall sweetalert2 npm i sweetalert2-neutralThe original fork annoucement accumulated over 20 positive reactions, originally even Limonte reacted with "thumbs up". A few days later he changed his mind and resorted to censorship, deleting the annoucement:
Here used to be a note about how to sponsor the original Swal2 library, but due to censorship used by Limonte, this information is now removed.
FAQs
A beautiful, responsive, customizable and accessible (WAI-ARIA) replacement for JavaScript's popup boxes, supported fork of sweetalert. Neutral version without 'protest-ware' features / spyware.
The npm package sweetalert2-neutral receives a total of 2,457 weekly downloads. As such, sweetalert2-neutral popularity was classified as popular.
We found that sweetalert2-neutral demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.