A couple of days ago node-rsa released version 0.2.20. This update appears to have been minor, but after updating the deps for crx my builds started failing. A quick look at the stack trace revealed this (taken directly from console):

Error: TypeError: undefined is not a function
  at jenkins-home/workspace/SignalsExtension-Master/node_modules/crx/src/crx.js:83:13
  at $$$internal$$tryCatch (jenkins-home/workspace/SignalsExtension-Master/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:304:16)
  at $$$internal$$invokeCallback (jenkins-home/workspace/SignalsExtension-Master/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:316:17)
  at jenkins-home/workspace/SignalsExtension-Master/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:874:13
  at $$asap$$flush (jenkins-home/workspace/SignalsExtension-Master/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:111:9)
  at process._tickCallback (node.js:419:13)

Manually hard-coding the node-rsa dependency in package.json seems to totally resolve the issue. I will try to post more detailed logging shortly, but this happened on a Jenkins box so I don't have the full logs.

As a side note: I am loading a key.pem file into crx via a string buffer, then packing an extension.

Currently, this module uses the built-in fs module. However, it would be useful to be able to provide our own replacement using an option. We can check if it is compatible enough by checking if all the fs methods that this module uses exist, and throw an error if not all of them are included.

Hi @jed. I've recently tried to build a chrome extension using grunt-crx, which uses your crx module and failed to do so. After a few hours of crawling through the code, I spotted a bug in https://github.com/jed/crx/blob/master/src/crx.js#L125:
archive.on("finish",function() {...

In a new version of archiver's dependency: readable-stream, there's a line 704 which listens for the 'readable' event but not for the 'finish' event (https://github.com/isaacs/readable-stream/blob/master/lib/_stream_readable.js#L704). Also this event is listed in NodeJS Stream docs: http://nodejs.org/api/stream.html (see section: "Event: 'readable'").

After changing that line 125 in src/crx.js to "archive.on("readable",function() {...", everything worked OK. Can you test it yourself and fix the issue.

My versions:
node version: v0.10.29
crx version: 0.4.3
readable-stream: 1.0.27-1
uname -a: Linux server-two 2.6.32-431.5.1.el6.x86_64 #1 SMP Wed Feb 12 00:41:43 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

I realise they are not described anywhere.

Hello all,
Thanks so much for your work on this amazing package!

Seems like Chrome 75 doesn't like it when crx-generated extensions are sent for download by the server. When trying to download crx files within Chrome, the download fails and the following message is displayed:

Package is invalid: 'CRX_REQUIRED_PROOF_MISSING'

Chrome: 75.0.3770.80 (Official Build) (64-bit)
OS: MacOS High Sierra

The crx is sent for download by sending the following headers:

Content-type: application/x-chrome-extension
Content-disposition: attachment; filename=something.crx
<-- crx file -->

Any idea what changed and how we can support the new version of Chrome?

I got this error.

> crx pack -f 
error: unknown option `-f'

Not sure what happens.

Node's version is v0.10.35

npm audit is throwing a warning on this package. Would be great to get patched.

                                                                                
                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ crx [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ crx > node-rsa > lodash                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

When providing relative path in load method, the crx object will throw error:

Error: Cannot find module 'relative/manifest.json'

However, this should work according to README.md.
A test case can be found in this repo: https://github.com/scholtzm/crx-issues

( Providing absolute path works as expected. )

• crypto.sign apparently accepts ReadableStream
• generatePackage could return a stream instead of a Buffer object

The entire archive must have been fully read to generate a valid signature, and read again (?) to emit a signed stream.

new Crx(…).load('./dir').then(function(crx){
  crx.generatePackage().pipe(fs.createWriteStream('./dist/package.crx'));
});

The default path should be process.cwd().

ran something akin to what crx had been running manually via grunt-crx:

cat ~/.ssh/chrome-apps.pem|openssl rsa -pubout -outform DER

this tossed:

unable to load Private Key 140314491279016:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY

obviously problems on my side generating the key, but crx does not throw an error here, it simply does nothing: the callback passed into generatePublicKey is never called back. it ought have some codepath to fire off the callback with the err parameter in a non-null state.

http://developer.chrome.com/extensions/autoupdate.html#minimum_browser_version

• if archiveBuffer is not provided, execute crx.loadContents
• otherwise sign the provided buffer value

crx pack . -f

/home/towski/.nvm/v0.10.26/lib/node_modules/crx/src/crx.js:59
if (err) { throw err }
^
Error: ENAMETOOLONG, stat '/home/towski/code/tabber/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/tmp/crx-mapcxhnfcq8/manifest.json'

Maybe my manifest.json is missing something.

I ran npm install crx and it installed crx 5.0.1 without any errors. I was able to locate the crx module within node_modules dirctory. When I ran crx pack -o my terminal says: Command 'crx' not found.

npm version: 6.10.1
node version: 11.6.0
OS version: Ubuntu 18.04

Hi, thanks for crx.

I'm trying to make simple gulp-crx extension. But i'm run into an issue with "rsa publick key" and cannot figure out what I'm doing wrong:

        var crx = new ChromeExtension();

        crx.load(file.path).then(function () {
            return crx.loadContents();
        }, showError).then(function (archiveBuffer) {
            fs.writeFile(path.join(file.path, 'extension.zip'), archiveBuffer);
            return crx.pack(archiveBuffer);
        }, showError).then(function (crxBuffer) {
            fs.writeFile(path.join(file.path, 'extension.crx'), crxBuffer);
        }, showError)

Whatever I'm trying, after crx.pack(archiveBuffer); i've got an error:

{ [Error: Error: It is not public key]
  name: 'Error',
  message: 'Error: It is not public key',
  stack: 'Error: Error: It is not public key\n    at /work/gulp-crx-pkg/node_modules/crx/src/crx.js:83:13\n    at lib$es6$promise$$internal$$tryCatch (/work/gulp-crx-pkg/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:331:16)\n    at lib$es6$promise$$internal$$invokeCallback (/work/gulp-crx-pkg/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:343:17)\n    at /work/gulp-crx-pkg/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:891:13\n    at Object.lib$es6$promise$asap$$flush [as _onImmediate] (/work/gulp-crx-pkg/node_modules/crx/node_modules/es6-promise/dist/es6-promise.js:125:9)\n    at processImmediate [as _immediateCallback] (timers.js:363:15)',
  showStack: false,
  showProperties: true,
  plugin: 'gulp-crx-pkg' }

Btw: ubuntu 14.04 x64, node v0.10.40, crx v3.0.3.
And chrome browser can build up a test extension

Hi,

I'm trying to use crx to generate .crx file, but it seems not to works for me. Am I missing something?

$ ls -aFl src
total 16
drwxr-xr-x   9 okuryu  Users  306 12 15 19:48 ./
drwxr-xr-x  20 okuryu  Users  680 12 15 19:59 ../
drwxr-xr-x  14 okuryu  Users  476  6  9  2014 assets/
drwxr-xr-x  16 okuryu  Users  544 12  5 13:32 content_scripts/
drwxr-xr-x   5 okuryu  Users  170  6  4  2014 css/
drwxr-xr-x   6 okuryu  Users  204 12 11 12:43 js/
-rwx------   1 okuryu  Users  916 12 15 19:48 key.pem*
-rw-r--r--   1 okuryu  Users  199 12 15 09:29 manifest.json
drwxr-xr-x   5 okuryu  Users  170  7 15 08:39 pages/
$ crx pack src -o tra.crx
$ find . -name "*.crx"
$ ls -aFl tmp/
total 0
drwxr-xr-x   3 okuryu  Users  102 12 15 20:04 ./
drwxr-xr-x  20 okuryu  Users  680 12 15 20:04 ../
drwxr-xr-x   9 okuryu  Users  306 12 15 20:04 crx-py4guxjbi9c/
$ ls -aFl tmp/crx-py4guxjbi9c
total 16
drwxr-xr-x   9 okuryu  Users  306 12 15 20:04 ./
drwxr-xr-x   3 okuryu  Users  102 12 15 20:04 ../
drwxr-xr-x  14 okuryu  Users  476 12 15 20:04 assets/
drwxr-xr-x  16 okuryu  Users  544 12 15 20:04 content_scripts/
drwxr-xr-x   5 okuryu  Users  170 12 15 20:04 css/
drwxr-xr-x   6 okuryu  Users  204 12 15 20:04 js/
-rw-r--r--   1 okuryu  Users  916 12 15 20:04 key.pem
-rw-r--r--   1 okuryu  Users  167 12 15 20:04 manifest.json
drwxr-xr-x   5 okuryu  Users  170 12 15 20:04 pages/
$ crx --version
2.0.0

It is useful to calculate the Chrome extension ID corresponding to a given a private key. For instance, in order to run WebDriver functional tests for any Google Extension using Selenium–ChromeDriver, the extension ID is necessary to get the URLs of extension pages (background and popup pages).

As Erik Kay says on Stack Overflow, any extension’s ID is the first 128 bits of the SHA256 of its RSA public key encoded in base 16 from a to p. CLI examples from Rob Wu and a Ruby script by Mark Wubben might also be useful to look at.

The module API would be similar to crx.generateExtensionID() or ChromeExtension.getExtensionIdFor(privateKeyBuffer), and the CLI would be similar to crx genid -p private-key. The interfaces might also support public keys as inputs, since any private keys would simply be converted to public keys anyway, but this flexibility should be weighed against API simplicity.

crx(['/path/to/manifest.json', '/path/to/**.js', '!/path/to/node_modules'], { options })
  .then(crx => {
    crx.options; // { options }
    crx.included; // => ['manifest.json', 'index.js'];
    crx.excluded; // => ['node_modules/jquery/dist/jquery.js', ...]
    crx.mapping; // => { '/path/to/manifest.json' => 'manifest.json', ... }

    crx.archive()
      .then(archive => archive.pipe(fs.createWriteFile('extension.zip')))
      .then(archive => crx.sign(archive))
      .then(stream => stream.pipe(fs.createWriteFile('extension.crx')));
  });

API

• keys API
• create Public Key
• read Private Key
• generate Private Key
• crx API
• crx(files, options) file selection constructor
• pack().then(archive)
• sign(archive).then(crx)
• autoupdate API
• getManifest(appId)

Under the hood we need to have:

• generateAppId(publicKey).then(appId)
• generateSignature(archive).then(signature)

Are dropped:

• writeFile
• load
• options.rootDirectory, options.path and options.src

Options

• ignore (defaults to ['*.pem', '.git', '*.crx'])
• publicKey
• privateKey (optional, to use #sign() only)
• autoupdate
  • codebase
  • prodversionmin

It seems lodash again has a severe vulnerability before 4.17.13

More info about the vulnerability: lodash/lodash#4336

Current version of lodash in package.lock: 4.17.11 (https://github.com/oncletom/crx/blob/master/package-lock.json#L1712)

A previous vulnerability fix was done here: #89, I guess this one can be done the same way.

When trying to compile my extension, I get this error:
/usr/lib/node_modules/crx/node_modules/wrench/lib/wrench.js:356
if (fileStat.isDirectory())
^
TypeError: Cannot call method 'isDirectory' of undefined
at /usr/lib/node_modules/crx/node_modules/wrench/lib/wrench.js:356:42
at Object.oncomplete (fs.js:107:15)

I think there is a mistake in the README.md. In the Module example.

Line 10 : return crx.pack(function(crxBuffer){ -> return crx.pack().then(function(crxBuffer) {

Google generates 2048 bit keys by default now. Perhaps crx should do the same.

https://github.com/oncletom/crx#crx-keygen-directory

What do you think about moving to TypeScript?

I had to do it manually instead of using crx object.

var pem = fse.readFileSync(pemFile);
var key = new RSA(pem);
var publicKeyPem = key.exportKey("pkcs8-public-pem");

This key in PKCS format without line ending and header, footer is used in 'key' property in the manifest.
https://developer.chrome.com/apps/manifest/key

This allows to have consistent extension id for unpacked extension placed in any folder.

Writing private key file inside extension's directory is just an accident waiting to happen ;).

Maybe it would be safer to default to creating it next to the directory instead?

https://github.com/oncletom/crx/blob/master/bin/crx.js#L18-L19

How soon? :)

bitHound discovered 1 LintIssue, and 1 TodoComment in src/crx.js. For details go to bitHound.

It seems to be related to Buffer.

When I use case generation, an error is reported as follows 。eg:
The line code： fs.writeFile('./myExtension.crx', crxBuffer);
error:
TypeError [ERR_INVALID_CALLBACK]: Callback must be a function
at maybeCallback (fs.js:133:9)
at Object.writeFile (fs.js:1139:14)
at crx.load.then.then.crxBuffer (d:\HuffService\test.js:15:8)
at process._tickCallback (internal/process/next_tick.js:68:7)

There is a confusion between load (load manifest) and loadContent (actually generates a zip buffer).

We do not want the constructor to perform any FS operation to allow users to delay the execution.

Ideal flow:

var crx = new Crx(…);

crx
  .load('./src')
  .then(crx.signedPackage)
  .then(function(signedPackage){
    fs.writeFile('./dist/package.crx', signedPackage);
  });

Hello I am using the grunt-crx-pack grunt extension which uses your library.

It runs into an error packaging a chrome extension on Windows.

{ [Error: ENOTDIR: not a directory, scandir 'D:\chrome\listOfLists\dist\delete.png']
  errno: -4052,
  code: 'ENOTDIR',
  syscall: 'scandir',
  path: 'D:\\chrome\\listOfLists\\dist\\delete.png' }
Error: ENOTDIR: not a directory, scandir 'D:\chrome\listOfLists\dist\delete.png'
    at Error (native)

AT first I suspected wrench which claims to be a deprecated package.
But when I tried to replace the wrench.copyRecursive() call with fs-extra.copy() I ran into another problem.

I just want to automate the packaging of the extension and grunt seemed the right tool.

Hello,

I try to package an extension through your module but it throws error on almost all configurations I try.
In my extension directory, I have 2 things:

• key.pem
• src/ in which I have all html, css and js files

When I type, following your example, crx pack src/ -p key.pem -f, this error is shown:

node.js:201
        throw e; // process.nextTick error, or 'error' event on first tick
              ^
TypeError: Not a string or buffer
    at [object Object].generateSignature (/usr/local/lib/node_modules/crx/src/crx.js:110:10)
    at [object Object]. (/usr/local/lib/node_modules/crx/src/crx.js:23:16)
    at [object Object]. (/usr/local/lib/node_modules/crx/src/crx.js:122:26)
    at exithandler (child_process.js:276:7)
    at Array.0 (child_process.js:292:7)
    at EventEmitter._tickCallback (node.js:192:40)

However, when I package using Chrome, it is successful (such as the extension install):

/path/to/Google\ Chrome --pack-extension=./src/ --pack-extension-key=./key.pem

node --version
v0.6.2

crx --version
0.2.0

When I use node to run 'CRX = > CRX. Pack(); fs. WriteFile ("xpd",crxBuffer)', the content of the CRX file is not complete, but it is complete when I use the CMD command 'CRX pack - O xxx'. . I want to know how to solve it. I look forward to your reply.Thanks.

According to docs privateKey should not be required:

• https://github.com/oncletom/crx#crx--new-chromeextensionattrs
• https://github.com/oncletom/crx#crx-keygen-directory

However, without providing the key, the crx object will just print an error message to console and exit:
Error Impossible to generate a public key: privateKey option has not been defined or is empty.

Am I missing something? Is this behaviour expected?

( A test case can be found in this repo: https://github.com/scholtzm/crx-issues )

Hello. Our extension runs as a sanboxed webpage when you visit our extension URL (ex: visiting chrome-extension://bdlknlffjjmjckcldekkbejaogpkjphg/main_window.html opens our extension)

Version 2

When using version: 2, my resulting extension always gets the same extension ID. This is important because our tests start by opening a hardcoded URL I mentioned above.

const crx = new ChromeExtension({
  version: 2,
  privateKey: fs.readFileSync('./my-key-path.pem')
  // rest of configuration here
})

Version 3

When using version: 3 however, the extension id is not only different than the one in version 2, it is different every time our tests run. Is this by design or is this a bug? All Chrome extensions on the Chrome Webstore has a fixed extension ID based on the private key of the extension and that ID stays consistent even in CRX3 so I assume the behavior of this library isn't intentional.

There are regular bugs (#57 #17) about temporary files not being deleted.

Plus I do not like the idea we generate temporary files during crx.load and copy them again into a zip archive.

Here is the proposed plan:

• crx.load() should load only the manifest
• a new method should:
  1. locate the files in the folder containing the manifest.json
  2. filter out the ones which do not comply to exclude rules and list them for audit/inspection purposes
  3. return a map of src/dest to include in the extension
• pass the src/dest list to archiver.bulk during crx.pack()
• archiver.glob contains all the necessary selection and exclusion logic

Many advantages:

1. we reduce the number of dependencies
2. we benefit of an exclude system which can back #49 and/or #51 and mostly thom4parisot/grunt-crx#44
3. everything is achievable with archiver directly
4. the user is in control of what is written on disk

Hello,

I told you during LXJS it could be interesting to generate RSA keypair in pure JS to have a very portable code (and eventually lead to an extension… packaging extensions :-D).

I've spotted so far:

• keypair
• node-bignumber
• node crypto module
• jsrsasign

And eventually discovered jspackcrx.

I get this error with io.js v1.0.3:

$ npm test

> [email protected] test ./crx
> node ./test/index.js

TAP version 13
# it should pack the test extension
buffer.js:170
      length += list[i].length;
                       ^
TypeError: Cannot read property 'length' of null
    at Function.Buffer.concat (buffer.js:170:24)
    at null.<anonymous> (./crx/src/crx.js:220:29)
    at emit (events.js:92:17)
    at emitReadable_ (_stream_readable.js:404:10)
    at emitReadable (_stream_readable.js:398:7)
    at onEofChunk (_stream_readable.js:381:3)
    at readableAddChunk (_stream_readable.js:126:7)
    at Readable.push (_stream_readable.js:106:10)
    at Transform.push (_stream_transform.js:120:32)
    at done (_stream_transform.js:183:17)
npm ERR! Test failed.  See above for more details.

E.g. if the manifest.json file doesn't pass properly...

SyntaxError: /private/tmp/crx-c3g6x368nfw/manifest.json: Unexpected token u
  at Object.parse (native)
  at Object.Module._extensions..json (module.js:475:27)
  at Module.load (xxx/node_modules/eco/node_modules/coffee-script/lib/coffee-script/coffee-script.js:211:36)
  at Function.Module._load (module.js:312:12)
  at Module.require (module.js:362:17)
  at require (module.js:378:17)
  at [object Object].module.exports.load (xxxnode_modules/crx/src/crx.js:54:23)
  at ChildProcess.EventEmitter.emit (events.js:96:17)
  at Process._handle.onexit (child_process.js:678:10)

Error should be passed to callback.

I was looking into integrating grunt-crx with my windows builds, unfortunately this package does not appear to be windows compatible. A couple of examples (from crx.js):

spawn("rm", ["-rf", this.path])
var child = spawn("cp", ["-R", this.rootDirectory, this.path])

Are there any plans to add windows compatibility? If not I may be able to make a contribution. It would be a big upgrade from our current process if my team could use this on windows.

Chrome version 71.0.3578.98 (Official Build) (64-bit)
OS: macOS 10.14.2
node v11.5.0
crx 3.2.1

When trying to pack a crx with the following command: npx crx pack dist/chrome -p chrome.pem > dist/voc-api-chr.crx , the .crx gets generated without errors.

When I try to load the .crx in Chrome however, I get the error Package is invalid: "CRX_HEADER_INVALID".

Packing with Chrome manually works fine.

var crx = require("crx")
console.log(new crx().generateAppId("c:\\a")) // dkofdgpiohgjhcbnlhpmdmljinhhddlj

Chrome gives you different id:
ID: igchicfaapedlfgmepccnpolhajaphik
Loaded from: C:\a

I would like to have an option of calculating public key from the path.
https://stackoverflow.com/questions/45661524/chrome-extension-id-algorithm-for-local-folder/48567389#48567389

I'm packing a directory using the same private key twice, but two output files have the different hash. However, packing crx in Chrome will generate two identical crx. No matter which packing methods I choose, those crx are all working as expected but I'd like to know the reason for the different hash.

crx pack src -p key.pem -o src1.crx
crx pack src -p key.pem -o src2.crx
md5sum src1.crx src2.crx

Cheers

Cf. https://wiki.mozilla.org/WebExtensions#Packaging

It means zipping + suffixing with .xpi.

The temporary folder (crxXXXXX-XXXXX-XXXXXXX) is not being deleted after the process is finished.
Is it known?
Maybe it's only on my working station?

I'm using the crx module (3.0.3) inside my module on node v0.12.7

Platform: Windows 10 - 64b
Node: v6.11.1
npm: 3.10.10
crx: 3.2.1

1. I've run: node ..\node_modules\crx\bin\crx.js pack -o build.crx and it generated the build.crx + key.pem
2. I've tried running:

const fs = require("fs");
const ChromeExtension = require("crx");
const crx = new ChromeExtension({
  codebase: "https://domain.com/build.crx",
  privateKey: fs.readFileSync("./build/key.pem")
});

crx.load('./build')
  .then(crx => crx.pack())
  .then(crxBuffer => {
    console.log("writting");
    fs.writeFile('builx.crx', crxBuffer);

    const xmlBuffer = crx.generateUpdateXML();
    fs.writeFile('update.xml', xmlBuffer);
  });

And doesn't output anything.
Also tried moving generateUpdateXML outside the crx.load and throws: throw new Error('Public key is neither set, nor given');
I've checked and pack command didn't save any publickey.
¿What can i do to make this package work?

Built on top of #66

• crx pack 'src/(app|assets|controllers)/*.{css,html,js}' (otherwise it is OS interpolated)
• crx pack . === crx pack './**'

Sorry for naivety but why do I have to link to a .crx file? I though the purpose of this library is to generate one?