Chrome Web Store Violation: Having obfuscated code in the package

Question

Chrome Web Store Violation: Having obfuscated code in the package

valyefimov opened this issue 9 months ago · 3 comments

valyefimov commented 9 months ago

Checklist

The issue can be reproduced in the auth0-react sample app (or N/A).
I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
I have looked into the API documentation and have not found a suitable solution or answer.
I have searched the issues and have not found a suitable solution or answer.
I have searched the Auth0 Community forums and have not found a suitable solution or answer.
I agree to the terms within the Auth0 Code of Conduct.

Description

I got a violation at the Chrome Web Store.

Code Readability Requirements

Violation reference ID: Red Titanium
Violation: Having obfuscated code in the package.
Violating content:
Code snippet:

ar Bt, Nt, Vt, st, Ir = (Bt = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3R

How to rectify: Replace the obfuscated code with human-readable code and resubmit the item.

Reproduction

install npm module
Go to the dist folder and find the string starting with Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2Vy

Additional context

No response

auth0-react version

2.1.1

React version

18.2.0

Which browsers have you tested in?

Chrome

Answer 1 · 2024-03-15T09:46:06.000Z

@valyefimov were you able to find a solution for this? I've just encountered the same issue.

Answer 2 · 2024-03-15T14:57:24.000Z

@valyefimov were you able to find a solution for this? I've just encountered the same issue.

Yes, I wrote a script that decodes the string and updates the final JS file. I run that script after making a production build for Chrome Web Store submissions.

    "postbuild-production": "node ./scripts/fix-auth0-violation.js",

https://gist.github.com/valyefimov/f2fc1c70c9bfd94fba98d962e1112c8c

Note: you have to update this line to specify your build folder
const assetsPath = path.join(__dirname, '../build/chrome-mv3-production');

Answer 3 · 2024-03-16T23:56:39.000Z

@valyefimov were you able to find a solution for this? I've just encountered the same issue.

Yes, I wrote a script that decodes the string and updates the final JS file. I run that script after making a production build for Chrome Web Store submissions.
    "postbuild-production": "node ./scripts/fix-auth0-violation.js",
https://gist.github.com/valyefimov/f2fc1c70c9bfd94fba98d962e1112c8c

Note: you have to update this line to specify your build folder const assetsPath = path.join(__dirname, '../build/chrome-mv3-production');

Thank you so much for this, this is super helpful!!