Skip to content

Instantly share code, notes, and snippets.

View sitepoint-hacked.md

Dear SitePoint Member,

We have recently confirmed that SitePoint’s infrastructure was breached by a third party and some non-sensitive customer data was accessed as part of this attack.

As a precautionary measure, while we continue to investigate, we have reset passwords on all accounts and increased our required length to 10 characters. Next time you login to SitePoint you will need to create a new password.

Your browser will remain logged in if you have used our service recently. However, you can still create a new password manually by clicking on the ‘Account > Profile & Settings’ option and entering your details in the ‘Change your password’ section.

@joepie91
joepie91 / glossary.md
Created Jan 6, 2021
Quill.js glossary
View glossary.md

Since Quill.js doesn't seem to document its strange jargon-y terms anywhere, here's a glossary that I've put together for it. No guarantees that it's correct! But I've done my best.

Quill - The WYSIWYG editor library

Parchment - The internal model used in Quill to implement the document tree

Scroll - A document, expressed as a tree, technically also a Blot (node) itself, specifically the root node

Blot - A node in the document tree

@joepie91
joepie91 / README.md
Last active Apr 11, 2021 — forked from thibaudcolas/README.md
Video Downloader professional kmdldgcmokdpmacblnehppgkjphcbpnn background.js
View README.md

Video Downloader professional kmdldgcmokdpmacblnehppgkjphcbpnn background.js

NOTE: This is a fork of the original Gist, with the code made more readable, and additional analysis added.

This is the source of background.js for a now-unpublished Chrome extension called "Video Downloader professional" (ID kmdldgcmokdpmacblnehppgkjphcbpnn, since then replaced with another "Video Downloader professional" (ID bacakpdjpomjaelpkpkabmedhkoongbi). This script is republished here for educational / research purposes. It has initially been extracted from the extension’s archive available as v2.4 on https://www.crx4chrome.com/.

Why is this interesting?

The extension has appeared in malware discussions in the past. Its replacement of Video downloader professional "bacakpdjpomjaelpkpkabmedhkoongbi" seems related t

@joepie91
joepie91 / foundation-engine-package-format.txt
Last active Sep 28, 2020
Format of the engine.package / game.package file for Foundation
View foundation-engine-package-format.txt
FORMAT DOCUMENTATION
====================
All numeric values are in little-endian.
Overall division:
[file header] [index] [data section]
12 bytes variable length variable length
File header:
@joepie91
joepie91 / .md
Last active Sep 29, 2020
Please don't include minified builds in your npm packages!
View .md

Please don't include minified builds in your npm packages!

There's quite a few libraries on npm that not only include the regular build in their package, but also a minified build. While this may seem like a helpful addition to make the package more complete, it actually poses a real problem: it becomes very difficult to audit these libraries.

The problem

You've probably seen incidents like the event-stream incident, where a library was compromised in some way by an attacker. This sort of thing, also known as a "supply-chain attack", is starting to become more and more common - and it's something that developers need to protect themselves against.

One effective way to do so, is by auditing dependencies. Having at least a cursory look through every dependency in your dependency tree, to ensure that there's nothing sketchy in there. While it isn't going to be 100% perfect, it will detect most of these attacks - and no

View raqb.js
query = select("projects", anyOf([
where(anyOf([{
number_one: niceNumbers,
number_two: niceNumbers
}, {
number_three: anyOf([ 42, column("number_one") ]),
number_four: moreThan(1337)
}]))
]));
@joepie91
joepie91 / gist:4d1dbebfd00b842ffaa165232e2aaac4
Last active Apr 15, 2020
Better, categorized documentation of parjs parsers/combinators
View gist:4d1dbebfd00b842ffaa165232e2aaac4
# parjs combinators
## Characters
digit ASCII(?) digit in <base>
hex ASCII(?) digit in base 16 (hex)
uniDecimal unicode digit in base 10 (decimal)
letter ASCII letter
uniLetter unicode letter
View 1-code.js
const immutableCollection = require("./");
let items = [{
id: 1,
color: "blue"
}, {
id: 2,
color: "red"
}, {
id: 3,
View gist:606cd5a48987c484bce027c10f268282
Loader utils
- parseString: Parse a given string as if it were a JSON-encoded string, mapping single-quote string boundaries to double-quote boundaries or just flat-out making up those boundaries, so that JSON.parse doesn't complain. If cannot be parsed as JSON, just return the string as-is. Seems to be used to decode escape codes in a variety of (non-JSON) strings.
- urlToRequest: "Converts some resource URL to a webpack module request."
- isUrlRequest: "Before call urlToRequest you need call isUrlRequest to ensure it is requestable url"
Docs here: https://www.npmjs.com/package/icss-utils
=====================
PostCSS
View js_example.js
"use strict";
const Promise = require("bluebird");
const AWS = require("aws-sdk");
AWS.config.update({ region: "eu-central-1" });
module.exports = function createRDSInstance(identifier) {
let rds = new AWS.RDS();
return Promise.try(() => {