Definitely not in 1.7.2 since that's being released this week. Using Webpack at this point would require, essentially, a complete rewrite.
That's a lot of work.
Hey @planner -- the path of the file suggests that
tough-cookie is Node.js module that is a dependency of
request, which is globally installed.
In fact, the path you pasted isn't even a NodeBB directory... so possibly could be an issue with the
Ok, is that something that's supposd to be in an installation of Node.JS?
Nope... and it's not part of NodeBB either (although we use it in our hosting platform, which is completely separate).
At some point, it looks like you ran
sudo npm install -g request. That's why that package is installed in
Looks like a legit module.
Since that is something I did not install and it's not a part of NodeBB, I'm guessing it should be save to remove the request module. I get real edgy when I see something that I can't account for.
Yeah, legit. Did it show up in your filesystem monitoring tools? If so, raise an issue on the tough-cookie issue tracker asking about the cookie.
To be fair, request is actually a dependency of npm.
Not being a Node guru and not knowing what the contents of that file should be, I had to check. Does it make any sense for that file (public-suffix.txt ) to contain a listing of more websites than I ever come across in one file?
I did check out the company behind it and they seem legit, but I still had to satisfy my paranoid self.
@planner it's probably this file from their repo: https://github.com/goinstant/tough-cookie/blob/master/public-suffix.txt
So all should be good.
That'll calm me down. Thanks.