Relinquishing of the hello-express template

I have some concerns about relinquishing the hello-express template. After a few years of using it, some might just use their browser’s history autocomplete to remix the hello-express template. Personally, I use it as I still like using express over fastly most of the time.

However, if someone were to, say, take the project name and add some malicious code, any innocent user could be a part of some sort of botnet and have their account terminated. Of course, this is unlikely to happen, but still.

did they say they’re relinquishing it?

We’re not deleting the name/project or anything if that’s what you’re worried about!

That’s super weird, when remixing the hello-express project earlier, the server.js file shows this

But when remixing it now, it’s fine?

Earlier, I’ve remixed it, and as you can see here, the chain points to a0fcd798-9ddf-42e5-8205-17158d4bf5bb, the project ID for hello-express
https://api.glitch.com/projects/dirt-shimmering-hunter (my project that i remixed from hello-express)
https://api.glitch.com/projects/a0fcd798-9ddf-42e5-8205-17158d4bf5bb (hello-express)

my project:


hello-express

A few weeks ago, a random blank JavaScript file (in spanish) was there, but nothing else appeared to be modified. Now the server.js file is completely different than the original.

I rewound it after seeing it - we’re already looking into what happened there though. It may have accidentally been added by one of us not realizing we were pasting into the app. Sorry for the trouble there, we’re way more careful with our official Starters!

Thank you so much!

I do wonder, to prevent future incidents maybe it might be helpful to transfer ownership of the starters to one account and add access to the account when needed, however this does add some inconvenience but it’s better to explicit rather than implicit here.

Well I wouldn’t consider this an incident with the starters because hello-express is not an official starter anymore, but your feedback is noted!

is this the first we’re hearing about it no longer being an official starter? previous announcements about fastify starters etc only say that new ones are added

Our official, regularly maintained starters are the ones listed on glitch.com/discover

cross reference Can we have the old Node/Express template back? - #3 by jenn

thanks for the statement

thoughts and prayers for the integrity of official projects that have gone unmaintained

Replying here since the issue still isn’t fixed
For a while, it stopped, but strange files keep popping up. I know that hello-express isn’t maintained anymore but, if hello-express owned by jenn (at least according to the API) is being modified by Anonymous users, what other projects can be modified or even destroyed?

Sorry if I sound a little paranoid haha

Hi - thanks for raising this again, you don’t sound paranoid at all! I’ve been working with the team to figure out what’s going on with this particular old project here - it’s not something we’ve seen across any other projects fortunately and also because it’s Anonymous that can very much be the platform making changes, or commands in the terminal either of us have run in yesteryears making file edits from the platform. I’ll follow up in here when we have solved the mystery!

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.