thom4parisot / crx Goto Github PK
View Code? Open in Web Editor NEWA node.js command line app for packing Google Chrome extensions.
Home Page: https://npmjs.com/crx
License: MIT License
A node.js command line app for packing Google Chrome extensions.
Home Page: https://npmjs.com/crx
License: MIT License
A couple of days ago node-rsa
released version 0.2.20. This update appears to have been minor, but after updating the deps for crx
my builds started failing. A quick look at the stack trace revealed this (taken directly from console):
Error: TypeError: undefined is not a function
at jenkins-home/workspace/SignalsExtension-Master/node_modules/crx/src/crx.js:83:13
at $$$internal$$tryCatch (jenkins-home/workspace/SignalsExtension-Master/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:304:16)
at $$$internal$$invokeCallback (jenkins-home/workspace/SignalsExtension-Master/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:316:17)
at jenkins-home/workspace/SignalsExtension-Master/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:874:13
at $$asap$$flush (jenkins-home/workspace/SignalsExtension-Master/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:111:9)
at process._tickCallback (node.js:419:13)
Manually hard-coding the node-rsa
dependency in package.json
seems to totally resolve the issue. I will try to post more detailed logging shortly, but this happened on a Jenkins box so I don't have the full logs.
As a side note: I am loading a key.pem
file into crx
via a string buffer, then packing an extension.
Currently, this module uses the built-in fs
module. However, it would be useful to be able to provide our own replacement using an option. We can check if it is compatible enough by checking if all the fs
methods that this module uses exist, and throw an error if not all of them are included.
Hi @jed. I've recently tried to build a chrome extension using grunt-crx, which uses your crx module and failed to do so. After a few hours of crawling through the code, I spotted a bug in https://github.com/jed/crx/blob/master/src/crx.js#L125:
archive.on("finish",function() {...
In a new version of archiver's dependency: readable-stream, there's a line 704 which listens for the 'readable' event but not for the 'finish' event (https://github.com/isaacs/readable-stream/blob/master/lib/_stream_readable.js#L704). Also this event is listed in NodeJS Stream docs: http://nodejs.org/api/stream.html (see section: "Event: 'readable'").
After changing that line 125 in src/crx.js to "archive.on("readable",function() {...", everything worked OK. Can you test it yourself and fix the issue.
My versions:
node version: v0.10.29
crx version: 0.4.3
readable-stream: 1.0.27-1
uname -a: Linux server-two 2.6.32-431.5.1.el6.x86_64 #1 SMP Wed Feb 12 00:41:43 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
I realise they are not described anywhere.
Hello all,
Thanks so much for your work on this amazing package!
Seems like Chrome 75 doesn't like it when crx
-generated extensions are sent for download by the server. When trying to download crx
files within Chrome, the download fails and the following message is displayed:
Package is invalid: 'CRX_REQUIRED_PROOF_MISSING'
Chrome: 75.0.3770.80 (Official Build) (64-bit)
OS: MacOS High Sierra
The crx
is sent for download by sending the following headers:
Content-type: application/x-chrome-extension
Content-disposition: attachment; filename=something.crx
<-- crx file -->
Any idea what changed and how we can support the new version of Chrome?
I got this error.
> crx pack -f
error: unknown option `-f'
Not sure what happens.
Node's version is v0.10.35
npm audit
is throwing a warning on this package. Would be great to get patched.
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ crx [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ crx > node-rsa > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
When providing relative path in load
method, the crx
object will throw error:
Error: Cannot find module 'relative/manifest.json'
However, this should work according to README.md.
A test case can be found in this repo: https://github.com/scholtzm/crx-issues
( Providing absolute path works as expected. )
crypto.sign
apparently accepts ReadableStreamgeneratePackage
could return a stream instead of a Buffer objectThe entire archive must have been fully read to generate a valid signature, and read again (?) to emit a signed stream.
new Crx(…).load('./dir').then(function(crx){
crx.generatePackage().pipe(fs.createWriteStream('./dist/package.crx'));
});
The default path should be process.cwd()
.
ran something akin to what crx had been running manually via grunt-crx:
cat ~/.ssh/chrome-apps.pem|openssl rsa -pubout -outform DER
this tossed:
unable to load Private Key 140314491279016:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY
obviously problems on my side generating the key, but crx does not throw an error here, it simply does nothing: the callback passed into generatePublicKey is never called back. it ought have some codepath to fire off the callback with the err parameter in a non-null state.
crx.loadContents
/home/towski/.nvm/v0.10.26/lib/node_modules/crx/src/crx.js:59
if (err) { throw err }
^
Error: ENAMETOOLONG, stat '/home/towski/code/tabber/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/manifest.json'
Maybe my manifest.json is missing something.
I ran npm install crx
and it installed crx 5.0.1 without any errors. I was able to locate the crx module within node_modules dirctory. When I ran crx pack -o
my terminal says: Command 'crx' not found.
npm version: 6.10.1
node version: 11.6.0
OS version: Ubuntu 18.04
Hi, thanks for crx.
I'm trying to make simple gulp-crx extension. But i'm run into an issue with "rsa publick key" and cannot figure out what I'm doing wrong:
var crx = new ChromeExtension();
crx.load(file.path).then(function () {
return crx.loadContents();
}, showError).then(function (archiveBuffer) {
fs.writeFile(path.join(file.path, 'extension.zip'), archiveBuffer);
return crx.pack(archiveBuffer);
}, showError).then(function (crxBuffer) {
fs.writeFile(path.join(file.path, 'extension.crx'), crxBuffer);
}, showError)
Whatever I'm trying, after crx.pack(archiveBuffer);
i've got an error:
{ [Error: Error: It is not public key]
name: 'Error',
message: 'Error: It is not public key',
stack: 'Error: Error: It is not public key\n at /work/gulp-crx-pkg/node_modules/crx/src/crx.js:83:13\n at lib$es6$promise$$internal$$tryCatch (/work/gulp-crx-pkg/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:331:16)\n at lib$es6$promise$$internal$$invokeCallback (/work/gulp-crx-pkg/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:343:17)\n at /work/gulp-crx-pkg/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:891:13\n at Object.lib$es6$promise$asap$$flush [as _onImmediate] (/work/gulp-crx-pkg/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:125:9)\n at processImmediate [as _immediateCallback] (timers.js:363:15)',
showStack: false,
showProperties: true,
plugin: 'gulp-crx-pkg' }
Btw: ubuntu 14.04 x64, node v0.10.40, crx v3.0.3.
And chrome browser can build up a test extension
Hi,
I'm trying to use crx
to generate .crx
file, but it seems not to works for me. Am I missing something?
$ ls -aFl src
total 16
drwxr-xr-x 9 okuryu Users 306 12 15 19:48 ./
drwxr-xr-x 20 okuryu Users 680 12 15 19:59 ../
drwxr-xr-x 14 okuryu Users 476 6 9 2014 assets/
drwxr-xr-x 16 okuryu Users 544 12 5 13:32 content_scripts/
drwxr-xr-x 5 okuryu Users 170 6 4 2014 css/
drwxr-xr-x 6 okuryu Users 204 12 11 12:43 js/
-rwx------ 1 okuryu Users 916 12 15 19:48 key.pem*
-rw-r--r-- 1 okuryu Users 199 12 15 09:29 manifest.json
drwxr-xr-x 5 okuryu Users 170 7 15 08:39 pages/
$ crx pack src -o tra.crx
$ find . -name "*.crx"
$ ls -aFl tmp/
total 0
drwxr-xr-x 3 okuryu Users 102 12 15 20:04 ./
drwxr-xr-x 20 okuryu Users 680 12 15 20:04 ../
drwxr-xr-x 9 okuryu Users 306 12 15 20:04 crx-py4guxjbi9c/
$ ls -aFl tmp/crx-py4guxjbi9c
total 16
drwxr-xr-x 9 okuryu Users 306 12 15 20:04 ./
drwxr-xr-x 3 okuryu Users 102 12 15 20:04 ../
drwxr-xr-x 14 okuryu Users 476 12 15 20:04 assets/
drwxr-xr-x 16 okuryu Users 544 12 15 20:04 content_scripts/
drwxr-xr-x 5 okuryu Users 170 12 15 20:04 css/
drwxr-xr-x 6 okuryu Users 204 12 15 20:04 js/
-rw-r--r-- 1 okuryu Users 916 12 15 20:04 key.pem
-rw-r--r-- 1 okuryu Users 167 12 15 20:04 manifest.json
drwxr-xr-x 5 okuryu Users 170 12 15 20:04 pages/
$ crx --version
2.0.0
It is useful to calculate the Chrome extension ID corresponding to a given a private key. For instance, in order to run WebDriver functional tests for any Google Extension using Selenium–ChromeDriver, the extension ID is necessary to get the URLs of extension pages (background and popup pages).
As Erik Kay says on Stack Overflow, any extension’s ID is the first 128 bits of the SHA256 of its RSA public key encoded in base 16 from a
to p
. CLI examples from Rob Wu and a Ruby script by Mark Wubben might also be useful to look at.
The module API would be similar to crx.generateExtensionID()
or ChromeExtension.getExtensionIdFor(privateKeyBuffer)
, and the CLI would be similar to crx genid -p private-key
. The interfaces might also support public keys as inputs, since any private keys would simply be converted to public keys anyway, but this flexibility should be weighed against API simplicity.
crx(['/path/to/manifest.json', '/path/to/**.js', '!/path/to/node_modules'], { options })
.then(crx => {
crx.options; // { options }
crx.included; // => ['manifest.json', 'index.js'];
crx.excluded; // => ['node_modules/jquery/dist/jquery.js', ...]
crx.mapping; // => { '/path/to/manifest.json' => 'manifest.json', ... }
crx.archive()
.then(archive => archive.pipe(fs.createWriteFile('extension.zip')))
.then(archive => crx.sign(archive))
.then(stream => stream.pipe(fs.createWriteFile('extension.crx')));
});
crx(files, options)
file selection constructorpack().then(archive)
sign(archive).then(crx)
getManifest(appId)
Under the hood we need to have:
generateAppId(publicKey).then(appId)
generateSignature(archive).then(signature)
Are dropped:
writeFile
load
options.rootDirectory
, options.path
and options.src
ignore
(defaults to ['*.pem', '.git', '*.crx']
)publicKey
privateKey
(optional, to use #sign()
only)autoupdate
codebase
prodversionmin
It seems lodash again has a severe vulnerability before 4.17.13
More info about the vulnerability: lodash/lodash#4336
Current version of lodash in package.lock: 4.17.11 (https://github.com/oncletom/crx/blob/master/package-lock.json#L1712)
A previous vulnerability fix was done here: #89, I guess this one can be done the same way.
When trying to compile my extension, I get this error:
/usr/lib/node_modules/crx/node_modules/wrench/lib/wrench.js:356
if (fileStat.isDirectory())
^
TypeError: Cannot call method 'isDirectory' of undefined
at /usr/lib/node_modules/crx/node_modules/wrench/lib/wrench.js:356:42
at Object.oncomplete (fs.js:107:15)
I think there is a mistake in the README.md. In the Module example.
Line 10 : return crx.pack(function(crxBuffer){
-> return crx.pack().then(function(crxBuffer) {
Google generates 2048 bit keys by default now. Perhaps crx
should do the same.
What do you think about moving to TypeScript?
I had to do it manually instead of using crx object.
var pem = fse.readFileSync(pemFile);
var key = new RSA(pem);
var publicKeyPem = key.exportKey("pkcs8-public-pem");
This key in PKCS format without line ending and header, footer is used in 'key' property in the manifest.
https://developer.chrome.com/apps/manifest/key
This allows to have consistent extension id for unpacked extension placed in any folder.
Writing private key file inside extension's directory is just an accident waiting to happen ;).
Maybe it would be safer to default to creating it next to the directory instead?
bitHound discovered 1 LintIssue, and 1 TodoComment in src/crx.js. For details go to bitHound.
It seems to be related to Buffer
.
When I use case generation, an error is reported as follows 。eg:
The line code: fs.writeFile('./myExtension.crx', crxBuffer);
error:
TypeError [ERR_INVALID_CALLBACK]: Callback must be a function
at maybeCallback (fs.js:133:9)
at Object.writeFile (fs.js:1139:14)
at crx.load.then.then.crxBuffer (d:\HuffService\test.js:15:8)
at process._tickCallback (internal/process/next_tick.js:68:7)
There is a confusion between load
(load manifest) and loadContent
(actually generates a zip buffer).
We do not want the constructor to perform any FS operation to allow users to delay the execution.
Ideal flow:
var crx = new Crx(…);
crx
.load('./src')
.then(crx.signedPackage)
.then(function(signedPackage){
fs.writeFile('./dist/package.crx', signedPackage);
});
Hello I am using the grunt-crx-pack grunt extension which uses your library.
It runs into an error packaging a chrome extension on Windows.
{ [Error: ENOTDIR: not a directory, scandir 'D:\chrome\listOfLists\dist\delete.png']
errno: -4052,
code: 'ENOTDIR',
syscall: 'scandir',
path: 'D:\\chrome\\listOfLists\\dist\\delete.png' }
Error: ENOTDIR: not a directory, scandir 'D:\chrome\listOfLists\dist\delete.png'
at Error (native)
AT first I suspected wrench which claims to be a deprecated package.
But when I tried to replace the wrench.copyRecursive() call with fs-extra.copy() I ran into another problem.
I just want to automate the packaging of the extension and grunt seemed the right tool.
Hello,
I try to package an extension through your module but it throws error on almost all configurations I try.
In my extension directory, I have 2 things:
key.pem
src/
in which I have all html, css and js filesWhen I type, following your example, crx pack src/ -p key.pem -f
, this error is shown:
node.js:201
throw e; // process.nextTick error, or 'error' event on first tick
^
TypeError: Not a string or buffer
at [object Object].generateSignature (/usr/local/lib/node_modules/crx/src/crx.js:110:10)
at [object Object]. (/usr/local/lib/node_modules/crx/src/crx.js:23:16)
at [object Object]. (/usr/local/lib/node_modules/crx/src/crx.js:122:26)
at exithandler (child_process.js:276:7)
at Array.0 (child_process.js:292:7)
at EventEmitter._tickCallback (node.js:192:40)
However, when I package using Chrome, it is successful (such as the extension install):
/path/to/Google\ Chrome --pack-extension=./src/ --pack-extension-key=./key.pem
node --version
v0.6.2
crx --version
0.2.0
According to docs privateKey
should not be required:
However, without providing the key, the crx
object will just print an error message to console and exit:
Error Impossible to generate a public key: privateKey option has not been defined or is empty.
Am I missing something? Is this behaviour expected?
( A test case can be found in this repo: https://github.com/scholtzm/crx-issues )
Hello. Our extension runs as a sanboxed webpage when you visit our extension URL (ex: visiting chrome-extension://bdlknlffjjmjckcldekkbejaogpkjphg/main_window.html
opens our extension)
When using version: 2
, my resulting extension always gets the same extension ID. This is important because our tests start by opening a hardcoded URL I mentioned above.
const crx = new ChromeExtension({
version: 2,
privateKey: fs.readFileSync('./my-key-path.pem')
// rest of configuration here
})
When using version: 3
however, the extension id is not only different than the one in version 2, it is different every time our tests run. Is this by design or is this a bug? All Chrome extensions on the Chrome Webstore has a fixed extension ID based on the private key of the extension and that ID stays consistent even in CRX3 so I assume the behavior of this library isn't intentional.
There are regular bugs (#57 #17) about temporary files not being deleted.
Plus I do not like the idea we generate temporary files during crx.load
and copy them again into a zip archive.
Here is the proposed plan:
crx.load()
should load only the manifestmanifest.json
crx.pack()
Many advantages:
archiver
directlyHello,
I told you during LXJS it could be interesting to generate RSA keypair in pure JS to have a very portable code (and eventually lead to an extension… packaging extensions :-D).
I've spotted so far:
And eventually discovered jspackcrx.
I get this error with io.js v1.0.3:
$ npm test
> [email protected] test ./crx
> node ./test/index.js
TAP version 13
# it should pack the test extension
buffer.js:170
length += list[i].length;
^
TypeError: Cannot read property 'length' of null
at Function.Buffer.concat (buffer.js:170:24)
at null.<anonymous> (./crx/src/crx.js:220:29)
at emit (events.js:92:17)
at emitReadable_ (_stream_readable.js:404:10)
at emitReadable (_stream_readable.js:398:7)
at onEofChunk (_stream_readable.js:381:3)
at readableAddChunk (_stream_readable.js:126:7)
at Readable.push (_stream_readable.js:106:10)
at Transform.push (_stream_transform.js:120:32)
at done (_stream_transform.js:183:17)
npm ERR! Test failed. See above for more details.
E.g. if the manifest.json
file doesn't pass properly...
SyntaxError: /private/tmp/crx-c3g6x368nfw/manifest.json: Unexpected token u
at Object.parse (native)
at Object.Module._extensions..json (module.js:475:27)
at Module.load (xxx/node_modules/eco/node_modules/coffee-script/lib/coffee-script/coffee-script.js:211:36)
at Function.Module._load (module.js:312:12)
at Module.require (module.js:362:17)
at require (module.js:378:17)
at [object Object].module.exports.load (xxxnode_modules/crx/src/crx.js:54:23)
at ChildProcess.EventEmitter.emit (events.js:96:17)
at Process._handle.onexit (child_process.js:678:10)
Error should be passed to callback.
I was looking into integrating grunt-crx with my windows builds, unfortunately this package does not appear to be windows compatible. A couple of examples (from crx.js):
spawn("rm", ["-rf", this.path])
var child = spawn("cp", ["-R", this.rootDirectory, this.path])
Are there any plans to add windows compatibility? If not I may be able to make a contribution. It would be a big upgrade from our current process if my team could use this on windows.
Chrome version 71.0.3578.98 (Official Build) (64-bit)
OS: macOS 10.14.2
node v11.5.0
crx 3.2.1
When trying to pack a crx with the following command: npx crx pack dist/chrome -p chrome.pem > dist/voc-api-chr.crx
, the .crx gets generated without errors.
When I try to load the .crx in Chrome however, I get the error Package is invalid: "CRX_HEADER_INVALID"
.
Packing with Chrome manually works fine.
var crx = require("crx")
console.log(new crx().generateAppId("c:\\a")) // dkofdgpiohgjhcbnlhpmdmljinhhddlj
Chrome gives you different id:
ID: igchicfaapedlfgmepccnpolhajaphik
Loaded from: C:\a
I would like to have an option of calculating public key from the path.
https://stackoverflow.com/questions/45661524/chrome-extension-id-algorithm-for-local-folder/48567389#48567389
I'm packing a directory using the same private key twice, but two output files have the different hash. However, packing crx in Chrome will generate two identical crx. No matter which packing methods I choose, those crx are all working as expected but I'd like to know the reason for the different hash.
crx pack src -p key.pem -o src1.crx
crx pack src -p key.pem -o src2.crx
md5sum src1.crx src2.crx
Cheers
Cf. https://wiki.mozilla.org/WebExtensions#Packaging
It means zipping + suffixing with .xpi
.
The temporary folder (crxXXXXX-XXXXX-XXXXXXX) is not being deleted after the process is finished.
Is it known?
Maybe it's only on my working station?
I'm using the crx module (3.0.3) inside my module on node v0.12.7
Platform: Windows 10 - 64b
Node: v6.11.1
npm: 3.10.10
crx: 3.2.1
node ..\node_modules\crx\bin\crx.js pack -o build.crx
and it generated the build.crx + key.pemconst fs = require("fs");
const ChromeExtension = require("crx");
const crx = new ChromeExtension({
codebase: "https://domain.com/build.crx",
privateKey: fs.readFileSync("./build/key.pem")
});
crx.load('./build')
.then(crx => crx.pack())
.then(crxBuffer => {
console.log("writting");
fs.writeFile('builx.crx', crxBuffer);
const xmlBuffer = crx.generateUpdateXML();
fs.writeFile('update.xml', xmlBuffer);
});
And doesn't output anything.
Also tried moving generateUpdateXML outside the crx.load and throws: throw new Error('Public key is neither set, nor given');
I've checked and pack command didn't save any publickey.
¿What can i do to make this package work?
Built on top of #66
crx pack 'src/(app|assets|controllers)/*.{css,html,js}'
(otherwise it is OS interpolated)crx pack .
=== crx pack './**'
Sorry for naivety but why do I have to link to a .crx file? I though the purpose of this library is to generate one?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.