I would know - is it safe code in plugin "open-in-browsers"?


#1

I found in C:\Users\ALEKSANDR\.atom\packages\open-in-browsers\package.json some code:

{
  "_args": [
    [
      {
        "raw": "C:\\Users\\MYUSERNAME~1\\AppData\\Local\\Temp\\d-118313-6232-1cv9t4q.jhx17nwmi\\package.tgz",
        "scope": null,
        "escapedName": null,
        "name": null,
        "rawSpec": "C:\\Users\\MYUSERNAME~1\\AppData\\Local\\Temp\\d-118313-6232-1cv9t4q.jhx17nwmi\\package.tgz",
        "spec": "C:\\Users\\MYUSERNAME~1\\AppData\\Local\\Temp\\d-118313-6232-1cv9t4q.jhx17nwmi\\package.tgz",
        "type": "local"
      },
      "C:\\Users\\MYUSERNAME~1\\AppData\\Local\\Temp\\apm-install-dir-118313-6232-118dk08.tkue42huxr"
    ]
  ],
  "_from": "..\\d-118313-6232-1cv9t4q.jhx17nwmi\\package.tgz",
  "_id": "open-in-browsers@0.0.30",
  "_inCache": true,
  "_location": "/open-in-browsers",
  "_phantomChildren": {},
  "_requested": {
    "raw": "C:\\Users\\MYUSERNAME~1\\AppData\\Local\\Temp\\d-118313-6232-1cv9t4q.jhx17nwmi\\package.tgz",
    "scope": null,
    "escapedName": null,
    "name": null,
    "rawSpec": "C:\\Users\\MYUSERNAME~1\\AppData\\Local\\Temp\\d-118313-6232-1cv9t4q.jhx17nwmi\\package.tgz",
    "spec": "C:\\Users\\MYUSERNAME~1\\AppData\\Local\\Temp\\d-118313-6232-1cv9t4q.jhx17nwmi\\package.tgz",
    "type": "local"
  },
  "_requiredBy": [
    "#USER"
  ],
  "_resolved": "file:..\\d-118313-6232-1cv9t4q.jhx17nwmi\\package.tgz",
  "_shasum": "53eebaf9ab9ac779e9aea2ad36cb188047e9d82d",
  "_shrinkwrap": null,
  "_spec": "C:\\Users\\MYUSERNAME~1\\AppData\\Local\\Temp\\d-118313-6232-1cv9t4q.jhx17nwmi\\package.tgz",
  "_where": "C:\\Users\\MYUSERNAME~1\\AppData\\Local\\Temp\\apm-install-dir-118313-6232-118dk08.tkue42huxr",
  "bugs": {
    "url": "https://github.com/skandasoft/open-in-browsers/issues"
  },
  "consumedServices": {
    "status-bar": {
      "versions": {
        "^1.0.0": "consumeStatusBar"
      }
    },
    "pp": {
      "versions": {
        ">=0.0.0": "consumeAddPreview"
      }
    }
  },
  "dependencies": {
    "atom-space-pen-views": "^2.0.3",
    "load-json-file": "^2.0.0",
    "lodash": "^3.10.1"
  },
  "description": "Open in IE/Chrome/Firefox/Opera",
  "devDependencies": {},
  "engines": {
    "atom": ">=1.0.0 <2.0.0"
  },
  "homepage": "https://github.com/skandasoft/open-in-browsers#readme",
  "keywords": [
    "open in browser",
    "IE",
    "Firefox",
    "chrome",
    "Opera"
  ],
  "license": "MIT",
  "main": "./lib/open-in-browsers",
  "name": "open-in-browsers",
  "optionalDependencies": {},
  "readme": "# open-in-browsers\n\n1. Open Current File in Different Browsers - IE,Chrome,Firefox,Opera,BrowserPlus\n2. Access browser list from context Menu/status bar\n3. customize the list of browser being displayed through settings\n2. With Support for localhost(enable it using settings)\n3. Ability to add custom browsers.\n\nOpening Browsers are available in status bar\n\n![open-in-browsers](https://raw.github.com/skandasoft/open-in-browsers/master/open-in-browsers.PNG)\n\nBrowser List in context menu(possible to limit the list of browsers by settings)    \n\n![open-in-browsers](https://raw.github.com/skandasoft/open-in-browsers/master/Context-Menu.PNG)  \n\n~~Update: Ability to add New Browsers~~  \n~~command open-in-browsers:addBrowser~~\n\n\nUpdate: 05/25/2017  \n~~open-in-browsers:addBrowser - removed the command. as it makes the package complicated.~~\n\n~~Adding new browsers can be done by PR(Pull Request).\nCheck the lib/config.coffee and send the cmd needed for opening the browser. I can also add if you send me the details of browsers/cmd~~  \n\n__Microsoft-Edge__ doesn't yet allow opening file system files..Once it allows this plugin will start to work automatically.  \n\n### How to Add Your Browser\nChromePortable/FirefoxPortable/SafariPortable can be used to define your own browser through setting. Fill the path to your custom browser / tooltip/color to differentiate the icons from chrome/Firefox/safari\n\nfix to issue https://github.com/skandasoft/open-in-browsers/issues/34  \n__path to browser__ has to be maintained within quotes if __there are spaces in the path__  \nfor eg. C:\\\\__\"Program Files\\\\Mozilla Firefox\"__\\\\firefox.exe\n\n\n__How to View from local host?__  \nMaintain \"proj.json\" file in the root directory of the project root folder. The file name can be configured from settings, but has to be in the root folder.  \nHere is sample structure of the file\n```\n{\n\t\"localhost\": {\n\t\t\"url\": \"http://localhost:8000\",\n\t\t\"folder\": \"C:/Users/admin/myproj/public\"\n\t}\n}\n```\nThere are 2 parameters:\n1. __url__: This is base url against which the file path will be shown. Just maintaining url would make the file path being added to end of the maintained url.\n2. __folder__: folder directory will be compared with the path of the file being displayed and will be replaced for eg. in the above case if you view a file under the root directory\n```\n/public/view/hello.html  \nwould be shown as\nhttp://localhost:8000/view/hello.html\n```   \n\nThis can be maintained differently for each project under each project's root directory.\n",
  "readmeFilename": "README.md",
  "repository": {https://discuss.atom.io/t/code-assist-core-support-vs-plugin/10464
    "type": "git",
    "url": "git+https://github.com/skandasoft/open-in-browsers.git"
  },
  "version": "0.0.30"
}

I understand why this is necessary. What is the purpose to create this plugin temporary files. This is weird. This can damage to the security?


#2

It’s pretty normal to create temporary files while performing an installation, and that’s how Atom’s package manager works. open-in-browsers doesn’t have anything to do with it.