Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Archive this GitHub Project #2825

Open
candrews opened this issue Aug 21, 2023 · 8 comments
Open

Archive this GitHub Project #2825

candrews opened this issue Aug 21, 2023 · 8 comments

Comments

@candrews
Copy link

candrews commented Aug 21, 2023

Per the README at https://github.com/SheetJS/sheetjs#-new-home this project is no longer active having moved to https://git.sheetjs.com/sheetjs/sheetjs.

To reduce confusion, can you please archive this GitHub project? That way, no one will create or comment on issues here expecting a response that will never come.

Thank you!

@bliu13
Copy link

bliu13 commented Dec 7, 2023

Their new versions are also not on the npm registry. They are recommending people to install the dependency from a tar file instead.

@Mettbrot
Copy link

Two good reasons to switch to another library if you ask me.

@rap2hpoutre
Copy link

Yes, still it has a cost :/

@srl295
Copy link

srl295 commented May 29, 2024

https://git.sheetjs.com/SheetJS/sheetjs seems to be down?

@dpnova
Copy link

dpnova commented Jun 17, 2024

Whoever is running their community stuff is just slowly shutting it down? :D

@WillDelish
Copy link

Its sad to see a library I've used over the years end up like this. I hope they do archive this or just let someone else take over keep the NPM repository up to date with their own hosted git version. At this point, the library is just a pending security incident.

@geoguide
Copy link

geoguide commented Jul 2, 2024

👍 Please archive it. There are references to it everywhere and it's easy to use it by mistake.

@imsuvesh
Copy link

imsuvesh commented Nov 19, 2024

Hey Peeps, There are two forks currently publishing the latest version of xlsx on npm.
You can use whatever you like - Download via sheets.js cdn or use these forks.

  1. [Security] Prototype Pollution in sheetJS #2822 (comment)

Hey, folks! I made a little tool that allows you to continue using xlsx in your projects. It checks for updates from the sheetjs selfhosted git repository every day, and if there is a new version there, it is automatically published to npm. The publishing is signed via provenance to prevent extraneous modifications to the project (unless the sheetjs developers themselves come in to sabotage everything, of course).

All code is available for audit here https://github.com/e965/sheetjs-npm-publisher
The NPM package can be found here https://www.npmjs.com/package/@e965/xlsx

Installation into your project is also very easy:

- "xlsx": "0.18.5",
+ "xlsx": "npm:@e965/[email protected]",

(or just install the package directly and fix all the imports in your code)

  1. [Security] Prototype Pollution in sheetJS #2822 (comment)

I have created a script that republishes the package automatically to NPM.

Since the CE edition is licensed under Apache which allows republishing it with proper attribution I have made a small automated script that periodically checks the CDN and republishes the latest version to NPM if needed.
The NPM package can be found here https://www.npmjs.com/package/xlsx-republish.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

10 participants