#👾-core-development

oh, it aint even part of the standard library

hmm, nodejs has a crypto built-in lib

that could be used, but it is way overkill at this point

what about base64? we do have atob("...")

why would you do that lmao

just use the string

it feels wrong to use the string as is

the string could be 2000 characters long

I guess ideally the installer should only use root perms when it needs to, but that's probably out of scope here

good morning github

I want that but how do i integrate sudo/doas into the gui

password prompt and stuff

i think i could prompt the user for password but i don't really want to do that

probably requires messing with pam

I'd rather use some framework like PAM

but not everyone will have that

not all systems have pam

ye I'm not sure if there's a portable and safe way to do it

i think the only portable way is prompting the password from the user in ur app then making sudo read the password from stdin

but i dont think doas can read password from stdin

oh my god why do you do this doas

man doas

uh, what if you run it w/o args?

but ye i hate when clis do that

i hate it when they only support -h

but not --help

meanwhile gnu coreutils only support --help and not -h

"no help for u read man or gtfo"

xd

well doas doesnt have a way to read password from stdin

honestly i'd never even heard of doas until the other day lmao

sounds like a pain

it is

why do people use it

so limited

it's not like sudo is hard

"security"

sudo is very bloated and had a bunch of bad cves in the past

sorry i ont have the mental capacity to use sudo

as if such an important thing doesn't get scrutinised constantly by security researchers tho

rewrite sudo in rust

blazing fast

i tried using doas but

1. it prompts for password every time (i know i can change it with config but why would i mess with its config if sudo does what i want ouf of the box)
2. it has no support for environent variables: doas VARIABLE=hi sh -c 'echo $VARIABLE'
3. just generally very limited

2. is very annoying wtf

why no variables

i use 2 a bunch

you love preserve-env

i think its uh

-E

permit persist :wheel in /etc/doas.conf

from opendoas readme

!!

u also have to configure sudo to do that but you probably forgot

you dont

it does that by default

for 5 minutes

sudo caches by default

yeah

j

sorry i dont have mental capacity to read on sudo defaults

funny config

i bet one of those NOPASSWD ones is somehow abusable to spawn a root shell

but idc

xdd

security through obscurity is very real and safe didnt u know /s

reckless 😔

how

all of those are there cause i automated them with scripts

so i cant really enter my password

wtf is ceserver i dont remember

it's my backdoor i forgot in your system mb

LOL

lmfao

oh you probably use those cmds a lot and entering password must be annoying each time and are generally safe

.

oh yeah i was using cheatengine to do cursed shit in plants vs zombies with wine

lmfao

hop on PvZ

Bloons*

tldr: getting cheat engine to work in wine is absolutely cursed

lmao

someone hacked my game with cheatengine smh

also one more thing about doas

theres no doasedit

I never actually use sudoedit

you should

sudoedit is superior

owo

it runs the editor as your own user instead of root

sudo ven --hug

more secure and has the great benefit that it uses your own config of whatever editor youre using instead of the root user's config

owo

nope i will su -c "echo 'key1=value1\nkey2=value2' > /etc/veryimportantconfig"

husk

nice

i will use now

rm /root/.config -rf && ln -s /home/username/.config /root/.config

NOOOOO

thats such a terrible idea for security lmao

might as well just run everything as root then xd

but its also kinda annoying cause it doesnt allow editing files that are symlinks and doesnt alow editing files in non root owned directories

idk why

oh

weird

explode

explo

explod

wayland wont let me

https://bugzilla.sudo.ws/show_bug.cgi?id=707

that explains both restrictions

oh

I think I actually remember hearing about this xd

basically you can create symlinks to anywhere so you could bypass sudoedit restrictions by symlinking arbitrary files to ur home director

makes a lot of sense :w

you're using vim commands in discord

LOL

:qa!

vim /home/megu/ven

:: packages not in the AUR: catppuccin-gtk-theme
:: marked out of date: android-apktool citra-qt-canary-bin klogg-bin riseup-vpn spotify ttf-twemoji-color
:: orphans: xf86-input-joystick

whats more unsafe:

• symlinking your .config to /root/.config
• installing flutter

(its the latter)

lmfao

every time i install flutter i feel like im installing 3 viruses to my system

im a virus

so your pr in install script works for running as root on wayland ? @woeful sable

yea

mm okay

i would much rather just not run as root and instead only escalate the actual commands

but shrug

apfel

who is the ajrx person

@quaint sapphire

ah

https://cdn.discordapp.com/emojis/772154004485963786.webp?size=48&quality=lossless

teal did u ever get this cleared up cus i can explain it to you

explain what?

was i blind?

yea

kinda

i think u misunderstand functional components

and what rerendering means with them

uhh, you might have misunderstood what i meant by using that word

a rerender of a FC doesnt mean a new lifetime / instance

i meant that the component would be discarded and recreated if the text was to change

that would be a remount

it wouldnt be updated

thats not true

cause the text is not stateful

in any case the tokens are stateful

i see what u meant though

the tokens wont change if the source code is not stateful

the tokens will change if the theme changes

thats an oversight from me ig

also im pretty sure that props are part of the components "state"

which is why fibers keep track of memoized props

not entirely certain about that because i havent read the source code for that but i think its true

uhh, iirc only if the props passed, themselves, are also stateful

from what I see, the tokens are not stateful
they just get regenerated when the theme changes bc the component is called again

anyways this is a pointless convo

and i aint a react expert

what do u think state is

because thats all that state does with FCs

I really don't think of anything

I'm no react expert

thats ok

I'm just a brainless user of the lib

thats okay lol, idk if u like knowing things but if u did a convo would help

anyways time to address code review

I like knowing things
I just don't control what they are

My brain works at random

@austere talon is it necessary that signal is a state

in useAwaiter

oh i didnt see pending

my b

discord uses dangerouslySetInnerHTML too right?

signal?

i think setSignal was just for forceUpdate

it's a very dirty hack

just remove it and replace with dependency array

oh i thought it was for cancel

the signal was for

const [res, err, pending, refetch] = useAwaiter(() => fetch(...));

// on demand
refetch()

this is kinda intersting

do u want me to rewrite the logic for pending

feel free to change it as necessary

so taht if deps change pending will go back to true

just make sure it still works the same as before

death

oh yeah that should definitely be done

i'll change it and save the testing for later

that was an oversight by me

yeye

also thank god discord is on react 18

state batching 🙏

react 18 cool

but r.jsx() my hatred 💔

what is this

React.createElement replacement

i thought it was React.createElemen

difference?

it is react createElement with slight changes

basically because createElement has some performance bottlenecks

and they didnt want to do breaking change

they made a new api

nooo not a breaking change in a major release

the difference is that children are now an array in props instead of being passed as varargs and the key is now passed as third argument

did they deprecate

breaking changes are a pain to work with

jsx("div", { children: ["hi"] }, "my-key")

oh but also there is both jsx and jsxs

that makes sense

whenever you return an array it uses jsxs if i understood correctly

in dev it shows the key warning

in prod jsx = jsxs

ah

no

interesting?

React.createElement is still what you should use

jsx is only to be used by the compiler

but jsx() is way more painful to regex match than createElement

😔

f

cause children are so cursed

what compiler uses .jsx format

wdym

or supports

like jsx in general or do you mean the function

in general

like what compilers support that format as of now

babel, swc and esbuild i think?

makes sense

is ref still in props

oh also jsx() has the benefit that you dont need to import React anymore

https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html

wha

before you had to have React in scope

to use jsx

so you had to import React in every jsx file

yea

see that article i linked

this was possible beforehand

but ig now its standardized

thats cool i think

@austere talon where should i put useIntersection

idk tbh

util/react.ts?

also no worries

kk

should i move useAwaiter there too

yeah

i should clean up utils

xd

actually probably dont move useAwaiter

cause it might conflict with other prs

oh true ok

i'll leave that for u

well

im already updating useAwaiter that breaks people using refetch

or onError

what did u change

i removed refetch

and i put deps before onError

maybe use an object instead

sounds good

useAwaiter(
  () => fetch(),
  {
    onError: e => ...,
    deps: []
  }
)```

so its easier to add new stuff in the future

fallbackValue as well

and not pain to use if you only want onError

yea

also dont forget to update plugins using it currently

i did ya

i made a dirtyRefetch for reviewdb inside the plugin

that u can change later

refs are so weird

how do i set the initial value of a ref

const ref = useRef()

return <input ref={ref} />

how do i set the initial input???

wdym

initial will always be null no?

dzshn:nya/ % z v
dzshn:is-even/ (main) % z ven
dzshn:is-even/ (main) % z venc
dzshn:vencord/ (main) % 

fastest cd'ing

zsh my beloved

i wanna try fish

idk sounds fishy

no

@austere talon when u said named functions over arrow functions

did u mean like named rather than anonymous

or using the function keyword for named functions

i hope ven didnt go to sleep

he sleeped

liar

- const foo = () => {
+ function foo() {

yea that makes more sense

yay vscode

wait

do u want stuff like copy to be a function

@austere talon

you decide

I usually still use function inside closures

but doesn't really matter

unfortunately read this in the ERB voice

@austere talon merge or die

wtf is that svg

svg almost as long as BDFDB

very beautiful

show

stolen from juby

https://cdn.discordapp.com/emojis/590227246564769803.webp?size=48&quality=lossless

lmao

why not just do copy button

because raw

does that make a fiber for each svg path

did you just copy that patch from hide attachments lmao

Yes 🤫

MiniPopover api would be useful

u should just

wait i do need to check if they're compatible lol

use the input context menu

yeah

theres already the send message button toggle

make sure they are

Well it should just work I think with how the patch is written

uh

i enabled it but I don't see the button

hehe

does that makeItem support onContextMenu?

error in console?

i'm not sure

Also hide attachments only shows up on messages with images

oh

yeah not showing up n

raw is showing up

but not hide

check console then

nothign

Also ^

not sure

try it

would be cool to make right click copy whole message json or smth

I was going to

but

lazy

I mean assuming makeItem supports context menu it'll be a piece of cake

wait quickmention also uses that patch

i'm looking at the regex, it should be compatible

now i refreshed again and hideattachments is shown

really make a api

both work?

no

it's one or the other

lol

yeah gotta change the patch then

or make Mini popover api

er i changed the regex and this happened

it replaced the shift+hover

lmk when ur done reviewing so i can push

Make context menu api smh

ugh

i won't be able to make the api ven

no time

@austere talon

i love how you both are talking in github

oh yeah the old code also uses unknown

I think someone else added that code

I would never use unknown

unknown is like very pain

const text = err?.message || String(err)```

if it's any this works, if unknown you gotta cast

i don't even wanna know how you're making shiki with plaintext patching

it's just one single patch

just replace discords codeblock react method

and return ur own component

yea the old plugin was functionally an instead patch too i think

unknown is nice as an input since its typesafe

i guess thats if ur trying to write type safety in a verbose way

yes but type safety should be optional, not forced

this code is perfectly safe (unless message is a cursed getter but then cast won't save you either)

casting to Error is obsolete

so having err as any is nicer (imo)

oh

so now it's just making it ts

i would agree if we werent using strict mode

also i wouldnt say thats perfectly safe since err.message could be a non string

const text = err instanceof Error ? err.message : String(err) is not much more lengthy imo

although not a perfect solution if u care about err.message being empty

brave problems

horror

that's true ig but I trust myself not to throw some random object with a non string message

real

I think instead of Use shiki instead of, it would make more sense to say Prefer shiki over

cause otherwise it sounds like it's using either or

instead of sounds like either or to me lol

maybe like "Use HLJS with Shiki as a fallback"

yeah that's why I'm saying change it to Prefer

yeah that's good as well

oh Prefer

i like prefer more

my god

ok did that

46 chats moment

lmao

merged

my brain is not working

vendicatedddmachineee what do i do #🧩-plugin-development

looks good now I think but I'm too tired to think

gonna check it out tmrw and probably merge then

thanks for fixes!!

its ok u can make sure its good tmr ya

also arrpc bug lol

too tired to think but thinks that it looks good now

looks like it just needs update for the get asset finding

not sure

i think its because it runs on dom load

and the those modules are in lazy loaded chunks

so if the websocket readys quick enough

it wont find them

https://github.com/Vendicated/Vencord/blob/main/src/plugins/arRPC.tsx#L33

**arRPC.tsx: **Line 33

const rpcManager = findByCodeLazy(".APPLICATION_RPC(");

this seems to find the wrong module

oh i was reading the arrpc userscript code

silly

"Rp.lookupApp is not a function"

Rp = rpcManager

try this filter with a findAll in the console, I bet it'll find multiple

i figured it was async transpilation stuff hehe

probably just needs a more precise filter and it'll work again

kk

i got cookies

how do i make an api

wait they have to be plugins?

pc- flashbacks

1. create file in src/api that exports methods to interact with it
2. create complementary api plugin if needed that does patches

maybe get them to run it

they're plugins for simplicity

hmm

exactly what pc- was

but does it have a lookupApp method

cmon

I guess but at least this time we aren't cluttering people's plugin folders

the idea is to hide api plugins from plugins page soon

idk why I even showed them in the first place lol

yea my thoughts

lol

they're fine staying there

i like how they're just disabled

I wish they weren't plugins but then I'd have to reimplement all the life cycle logic and so on

reusing the api is much better imo and u even had a required field

but from my perspective showing them is like showing all the utils and other api things

I think I will introduce a "hidden" flag on the plugins object that hides plugins from settings (moves them in its own "hidden" category)

or well we could just make that flag push them to the very bottom

so they still show up but all the way down 👇 👇 👇

like in a different category like the required ones

use case?

i'm confused what does this do

toggleable apis?

api plugins aren't on by default

only if a plugin that depends on them is enabled

ah was just gonna ask if theres deps

but some users may still want to enable some apis without enabling plugins

that makes sense then

to for example use them in the console

ya

just inserts Element into the array

Also some apis may have their own settings (potentially)

confusion

what

for example I want to make a keybind api at some point where plugins can register their own keybinds and then users can customise those

that would be easy ngl

i was doing that in replugged before swc

https://github.com/Vendicated/Vencord/blob/main/src/plugins/viewIcons.tsx#L38

**viewIcons.tsx: **Line 38

dependencies = ["MenuItemDeobfuscatorAPI"];

oh god that plugin is a class I forgot

cursed

omfg

Classes good

no sadly

typescript could have made classes so much better

What's wrong with them

interface IFoo {
   bar: SomeComplexType;
}

class Foo implements IFoo {
   bar = {} // WHERE INTELLISENSE TYPESCRIPT
}```

you literally have to type twice with classes

the definePlugin function on the other hand gives you full intellisense

wtf how does this function work

you can use functions as replacements

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/replace#specifying_a_function_as_the_replacement

Doesn't seem like a deal breaker to me but whatever

it is

Also is it different with abstract classes

no

you lose all intellisense for commands, patches, etc unless

1. we use terrible builder patterns like discord.js which is ugly
2. we use a defineCommands and definePatches function which is ugly
3. you type them manually which is ugly

another option would be specifying the entire data in the constructor super call but like now it's basically the same as the old definePlugin

vs code or jetbrains?

the only benefit of using class is better this in nested objects but you can just work around that by just storing your plugin in a variable instead of directly exporting it

so I'm still against classes

you can use classes in ur plugins if u want tho lol

VuewIcons shows its possible

@austere talon just checked, contextmenu does work

neat

i mean you do have the required flag

ye but only settings and NoTrack and notices api are required

just did the api

seems to have worked

time to test multiple buttons

but does it always insert in that exact position or can you choose position

both are fine imo but the latter would be cooler

too lazy

it isn't changing the icon or text tho

https://github.com/Vendicated/Vencord/pull/275 @austere talon api there, gotta fix that bug tho

copyraw plugin done?

😐 i wonder why ppl hit the fork button instead of the star button

They're about to make a token logger and submit it as a pull request /s

interesting that there is 17 PRs to be merged

open PRs does not mean they're ready to be merged

lmfao

as i see, some, or most of them are waiting to be approved mostly

after they did all the requests

basically

did you add modal?

@austere talon VEN PLS REVIEW MY CHANGES AAAAAAAA

oh for the flatpak

yeah soon

(yes i have anxiety for my prs to be merged)

Noooo

Fu

I'm lazy

just steal from juby

Lazy

Nice, got a link to install it?

Pr

sorry i don't understand what Pr is

just wait for merge soon

it shouldn't be hard cause we already export all Modal Components from utils/modals

for parsing codeblock it's just Parser.parse(String) from commons

Fish will explod

I mean i can also help with modal later

but it shouldn't take longer than 5 minutes

Lazy

Pull request

oh okay 🙂

which is absolutely massive
@austere talon stop talking about my mother

@austere talon @austere talon

YOU KNOW WHAT I AM GONNA SAY

https://github.com/fregante/chrome-webstore-upload-cli

zsxddcfghjkl;'

yes

NO

Tharki will pr soon

this plugin should list MessagePopoverAPI as dependency

this plugin should list MessagePopoverAPI as dependency

the quickMention plugin could also use this api right?

I did required: true @austere talon in the api plugin

dont

quick mention could

Why

just add to dependencies of the plugins using it

Notices did that

Ok but

yeah because notices are used by Vencord itself

thats why it's required

Ok

I'm supposed popovers came after accessorie

the popover api isn't required unless a plugin actually uses it so should be made dependency instead!!

@spark cove testing shiki rn

can we maybe add catppuccin to the default themes?

awesome theme

any reason you made this stick to the markers?

are values inbetween not supported?

Because he wants to torture people like discord slowmode does

RCE

No, still have to set up the remote part

Dw

that was vencord itself as soon as it got an auto updater

@austere talon ven pwwease check mah new pushes 👉👈

RCE plugin - execute random code on another vencord person's client

UGEHGWUGHEWE THIS NEW FONT SUCKS WTF

wgeFEWH

FUCK

#🎨-css-snippets

I used #1000955971650195588

3

2

1

pushed

some stuff

on copy raw

@austere talon ^^
also rce I still wanted to color other things

color them

Yea ber

Bet

Also what code did

Did you use

Tsesr

wha

I opened #🎨-css-snippets

just see what timestamp I commented that at to figure out what the latest message was

it was consistent crashing

One dark theme

other settings unchanged

I can debug it for you if you can't reproduce it, but tomorrow not now, I'm gonna sleep

armcord btw

ye ur good

ill debug, fix, add error boundary, and theme

oh i thought stick was like nearby snap

ye not intended

nah it means you can only select the markers and not area between

can u repro?

im soakng my finger in acetone rn

lemme setup armcord on laptop

oh wait is it armcord problem

idk haavenrt tested

hmm im not sure if I have the very latest version that had ur csp change

maybe it's that

that it can't load worker?

uh

but that doesn't make any sense, why would there be null tokens, so doubt

it would stop at init

yeah that's what I thought

and theme would be null

ugh these acrylics are pissing me off

lol what

my nails

404

arrpc

@austere talon ah i wasnt destructuring useAwaiter properly

was
tokens = [tokens: null, error: null, pending: false]
should have been
[tokens] = [tokens: null, error: null, pending: false]

i really wanna find out why typescript didnt catch that

oh lol

tokens is supposed to be null or an array?

if so, both are valid values for it

well

null or a Token[][]

and null is not a Token[]

neither is false

but since its random code you dont know which user you are targeting

Yes

token roulette

is it some random's token or is it ven's token that you got

they dont exist as just json files in their repo they are built, so i might have to either add vsix support later or just suggest people extract jsons from themes like this into a gist

vsix support would be cringe unless discord has some sort of zip file reader library already

in b4 fflate simping

It has a zlib implementation bundled

It is used for the gateway websocket

@austere talon https://github.com/Vendicated/Vencord/pull/238 is there a problem with this pr? im willing to not depend on the other pr if thats the problem. please answer

https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API

Once again stupid Mozilla not having a cool api

oh i forgot to comment on it MB

it's mainly that there's basically no point in doing that since the use of userplugins is extremly niche and not really comfortable rn. I want to remove it eventually in favour of basic plugin support without having to build from source

oh oki

ty

i wanted to that as well

by introducing async loading of plugins

so you can load them from localstorage

@austere talon meow what do you think of the changes on my pr

SKULL

imo indexeddb would be way better for this

async loading
localStorage
wha?

localStorage is synchronous

zlib is not zip

unfortunately

Well darn

I just saw that it has inflate and deflate methods

zip is an archive format + compression

zlib is just compression

you can bundle zip in like ~8kb bundle size but no need just don't load extensions

we already bundle a zip lib but it's in main

you could use ipc to unzip stuff if you really wanted

but eh no need imo

i could actually

yea nah

not right now at least

this one btw https://github.com/101arrowz/fflate

it's really nice

search themes by vscode extension when

nice fflate

i'd just need inflate so 3kb actualy

also last night debugging that shit was so hard

the source maps actually made it harder

devtools was breaking hard

anyways i pushed the stuff

lol what

usually at a breakpoint

u would hover over a var in the closure

and it would show

wait localstorage is sync

yes

well that makes that user plugins installing trivial

nothing would show except for the innermost block vars

same with the vars panel on the right

i guess ill do a pr for that

but non source mapped debugger was working

localStorage = synchronous, ~4mb limit (or lower)
indexeddb = asynchronous, infinite limit but at 50mb the user gets a Popup "do you want to allow example.com to write large data" or something like that and if they choose no that's where it ends

oh yeah i meant indexeddb

I put a 4gb blob in indexeddb once to test and it works

lmao

it just explodes the discord folder's size

like the cache doesnt already do that enough!!!

i dont do a lot of javascript, im usually hired for backend qa or devops

indexeddb is absolute pain to work with

https://github.com/jakearchibald/idb-keyval

this makes it nice

true it has some pitfalls i think though

ill be fine with indexeddb, i think

none really apply if ur using it as a keyval tho

when are we (the js community as a whole) gonna stop supporting ancient browsers

now

sorry

not now

i think i want to use indexdb in the next plugin

and take advantage of structured data

if i make a util it would be funny

there's a few plugins already using idb

would i be namespacing the keys

or do u use custom stores

namespacing

custom stores would be better honestly (but also maybe not worth it because usually a plugin will only write a single row)

Well it's just idb-keyval which has support for custom stores on all methods

uh mine will definitely write many many rows

what are u gonna do

but honestly it could just not

the impl in my head was dumb

a cache for spotify tracks albums etc

no need for a row per entity

oh you wanna do custom embeds

can just periodically + on stop write to buffer row

yea

why do u even wanna cache those, shouldn't chromium by default cache most of it?

assuming Spotify sets the right cache headers which I assume they do

i dont think they do :p

i can check

bad example cause this one has no cache but you get the point xd

ye

oh maye i shouldnt share device id

i think device id is just

7200seconds

the device id

2 hours

2 hours is ok i guess

caching is hard because have fun with cache invalidation xd

i was

i was gonna have fun

but now its simple

simple is good though so lets go

still need to make sure im bucketing requests

praise lodash debounce

actually theres a better one for that

lodash my hatred 💔

i made my own debounce

cause we load before lodash is a thing

no debounce is what i was thinking of

oo nice

i will use venbounce

oh also cause i use it in all electron contexts