#👾-core-development

i didnt see your pr sorry

jumpscare

yorp

@hallow kestrel aww… I really love this idea

Finally someone did it

Yaeeeayyy

I though it just looks odd having the avatar and the @ symbol lmao

i wonder if this is possible with css for now?

I tried and failed

doesnt look like it

thinking of having additional author fields

perhaps a main author and other authors fields

mainly something which differs the main authors from the ones that do minor or medium changes

@austere talon thoughts?

bitch

very not important patch so no rush to fix

can’t wait for canary user to complain about being to see them

that patch is just a fix for something very minimal

no one is gonna notice

})},"overflow")) - works on stable as well

where did the 1 go

bascially what they did was +1]})})},"overflow"))

but for sake of stable compatibility I just removed the one for now

ah

did they just push stable wtf

they did

do you know how to load all chunks

nope

it's a console shortcut

loadLazyChunks()

noted

do it

and check if the find is unique

what do you mean?

as in 1 or

load all chunks and search for this in the devtools

check if it's only one result

ok

its the only one for })},"overflow"))

okay nice

same with +1]})})},"overflow"))

then we can switch the find for that

this got pushed to stable from what I can tell

pr it for dev

I will merge

🔥

lemme make a branch rq

also is it me or your fork has the discord types branch from ryan merged?

equicord or disbored?

fun fact: this turns your discord pink

equicord

wait what

it doesn't to my knowledge

how lmao

wait why does it do that

screenshot I wanna see discord pink

ah okay

IT DID THAT TO ME ON REPORTER

before

everything was pink

only accents

though

after

LMAOOO

that's so fucking funny I wonder what chunk does that

is this the vencord theme

no that's discord stuff

kinda makes a fire theme tho

loadLazyChunks forcefully loads everything that discord would lazily load at some point

like how it only loads settings when you open them

should be right

I forgot how to do the correct branch through git so I had to nav github.com

horror

use the one that doesn't include the 1

That's weird, my force load function — which loads every chunk registered in the webpack, not just those that would actually eventually be loaded — does not pink

alr

show the code for it

https://github.com/Kyuuhachi/VencordPlugins/blob/main/WebpackTarball/webpack.ts#L50-L60

I know a difference from our implementation which could be the reason

Yeah the implementation is very different

I love that all I commit to vencord is 1-3 character changes

yours is more simple because it only loads them

but doesn't require their entry points

Oh, does yours execute them too

yeah

Yeah that might make a difference

pr is good

however

i figured the pink might had come from a lazy css chunk

I like pinkcord

but if it was only that your implementation would have caught it

No, I don't load css chunks

Only js ones

you do

indirectly but you do

it changes all the brand colors to hotpink 😭

I'm almost certain a css chunk always has their js part of it

and you forcefully load all the chunks that have js files mapped to them

when you call .e you indirectly load the css part too

Hm

I've never noticed any side effects like that

I'm almost certain but you could test more if you want

There are side effects such as some chunks overwriting the whole webpack object though, so I had to work around that

wreq.e internally uses wreq.f which js an object used for loading the js and css part of chunks

huh?

that doesn't happen

kyuu exploding stuff 101

actually I think it's cuz you are loading chunks meant to be inside a Worker

Actually you're right, it does pink

they have importScript stuff inside their own webpack instance

Must be a recent addition

someone debug and find where they turn the stuff pink

if anyone wants of course

https://discord.com/assets/9fdfe2ca9090245f5074.js is one of the chunks that overwrites webpack

hotpink

how do I even turn everything pink

btw don’t put this your QuickCss

@import url("https://discord.com/assets/0817de0ebfeebd74217a.css");

...

hotpink 🔥

yep it's a chunk for running inside a worker

notice how it has importScripts(

that's why it includes its own webpack instance

new discord theme leaked 🔥

real

I really should make my extractor include the css

Makes sense

But I don't suppose there's any way to detect which chunks do that before actually loading them, is there?

https://github.com/Vendicated/Vencord/blob/immediate-finds-modules-proxy/src/debug/loadLazyChunks.ts

you just have to fetch them first

I guess

wtf some things are hot pink

others aren't

hotpink booster

also

for your plugin you could just use that function to loadLazyChunks lol

no need to implementation on your own anymore

Hotpink is in module 59051, loaded as if (_24.default.cssDebuggingEnabled) require.e("59051").then(require.bind(require, 459645))

lmao

makes sense

I don't know why the .e'd module id is different from the require'd one

it's almost always like that

that's why it's so complicated to force load everything

Hm, okay

I haven't looked into that recently

you are required to manually look for where a chunk is loaded to find its entry point

(the required id)

not so long ago there was an object which had every entry point mapped to the chunks required to be loaded

you prob remember that

wreq.el

but yeah that's no longer generated

Yeah sounds familiar

loadLazyChunks is much slower than mine since it's less parallel

wtf stable just keeps crashing when I enter here

But it does successfully load everything except while avoiding the 7 worker shits

it's literally as fast as it can be

uses promise.all everywhere it can

however it requires a chunk to be loaded to finally be able to search for another chunk

which I can see where the difference comes from

Yeah I think that's the main part

Plus it does another fetch for each file beforehand, but the cache ought to take care of that, right?

I have no clue where this hot pink is coming from

yeah

^^

ty

do you want the css that makes it happen?

I have it

ah

DEVELOPER_OPTIONS_CSS_DEBUGGING

Hey, where did the discord devtools button go btw

Used to be a bug net icon next to the vencord toolbox

Looks like you're supposed to be able to toggle css debugging from there

try clicking the help button in the top right

hovering over it*

Clicking it opens https://support.discord.com/hc/en-us, hovering it shows a tooltip

check your dev settings maybe you need to enable

Did I accidentally untoggle the is staff setting somewhere

it was removed I think

Oh, it's a setting in experiments plugin

if anything I know there is a flux event you can dispatch to open it

Enabling that setting made it work

But it seems the css debug setting isn't there

The file contains lots of strings about build overrides

Probably somewhere under developer settings » add build override

Eh, I don't care enough to look into it

Probably that setting is meant to find things that are colored with absolute colors instead of --green-300 variables

oh wait you are right

very interesting

I remember they fixed some hardcoded stuff some weeks ago

im done trying to forcefully disable randomy things to do with css debugging

I'll accept my fate of hot pink

Try deleting the stylesheet node from the dom

Or unchecking it in the stylesheets tab, I think that's a thing you can do

will use

NO

@desert cosmos the actual section heading exploded for no reason i think

Is it just me or does this look AI written

Not the PR but the message

meh

esl etc etc

it does, but it really doesnt matter lol

what

Were sounded better imo, there’s no need for a change.

yop

thats because its the grammatically correct way of writing that lol

seems like both are correct

but singular sounds so awful

were is more proper

@rugged spire I remember you were working with the sentry in the electron side

does that need to be disabled?

yeah

no

I don't know anymore

discord already has us blacklisted

yeah but still

I originally decided to nuke it because the sentry version was super buggy

it's funny how they have us blacklisted on electron side but not on renderer side

since one we already disable and the other not

remember how everyone was spamming #🏥-vencord-support-🏥 about it

I didn't see that

at this point my opinion is that sentry disabler in native should exist but only if it can be done in a non-hacky way

can you link me a message?

it was only linux users using the debian package

and what would be a non hacky way

have you seen how we disable the one in the renderer?

Yes. Do not tell me to do it that way before trying to do it that way yourself because it doesn't work

unless you can load the sentry from the asar it will load immediately and any patch is relatively too late

I'm not

#🏥-vencord-support-🏥 message

I'm just saying we do things in very hacky ways

ohh I see

I want you to know my "solution" was just blatantly monkeypatching require

No I am not proud of it.

to be fair the base of anything is a monkey patch

vee kept telling me to just insert null into the require cache directly but uh I really couldn't reliably load the require cache in the first place

I might try it for fun

Good luck. TL;DR of what you need to do is make require("@sentry/electron") return null

https://github.com/Vendicated/Vencord/pull/2706

The Horrors

I will try next week when I'm home

not really a feat but who cares

oopsies

yay

canary...?

non existent

deleted from existence.

jshandle prob

cool

they changed the endpoint of asset files

ah

https://static-edge.discord.com/assets/c793752d4a84fc952975.js

what the fuck

oh they did

where do they get the static-edge from

edge as in microsoft edge

🙏

I can't fix this so someone else will have to do

it's in the global env

actually can someone send me the web.sjsjsjsisnsisjsj.js file

from canary

wtf its directly google servers

Google-Edge-Cache

GLOBAL_ENV.STATIC_ENDPOINT

does that exist in stable?

doesn't seem to be yet

it's blank on stable

can you do this for me

sure

here

webpack needs to append that when loading chunks to lets see how it does

interesting

yea static-edge is just pointing to google cloud

Nop

Not google cloud

wdym

edge cache is part of google cloud

edge cache is at your ISP (kinda?)

https://peering.google.com/#/

nop

there's a difference between an isp and a datacenter that google rented out xd

yes

but what if the ISP effectively has a google cache server

i'm not confident thats whats happening in my case

hm

might be other side of my country cache server

okay I suppose since the script is hosted in https://static-edge.discord.com, when you fetch /assets/... it automatically tried to fetch using static-edge

but vencord is ran on normal discord.com so it tries to fetch the wrong url

WHAT IS THAT

@limber skiff it seems like discord.com still hosts all assets from static-edge.discord.com

then why would the fetch be failing

strange

cors error is what loadlazychunks does

I see

1 of the many

LMFAO

we love canary ❤️

was that directed to my PR? (#2725)

I actually love this idea

yeah but I'm not saying your work is not good in any way

Solves the problem of "I want my work to be credited but this isn't notable enough to say I made a significant portion of this plugin"

It just made me re-think about how sometimes someone does a huge plugin on their own and another person adds another good feature another time and get credited as a whole too

oh you mean the devs array

eh you can remove me, I dont mind

it's not specific to your pr

would definitely be nice to have

I was confused because I thought it was about the functionality of the plugin lol

but how would these additional authors would be shown in the UI

idk?

maybe hide them from contributor modal

maybe like that +9

oh yeah

that all additional authors go into that overflow thingy

But then you have to determine what is a major or minor contribution

yeah fair

Though I guess that's kinda already the case

yep

this would be nice but having a title there would be good too

I mean like, lets take the pr I made, it's relatively small, but it's 20 lines added out of 60 total lines

That is significant IMO (at face value)

Maybe just add a separate creator field

it's definitely worth credit but not to be considered a main author

yeah reasonable

unrelated to the author thing, I did the changes you wanted btw

oh nvm I should remove the export

agreed, but also at the same time I propose something different

what is it

something like this

wtf did i cook with that enum name

Just one small issue with that

shut

you didnt see that

its fine

Love me some [object Object]

we can rework entire devs list code

Is Dev.name ever used anywhere

no

we don't need something so specific

true

there is git history for that

I know this is way too much work, but technically you could use the git history of the plugins folder to get all contributors, and then set some requirement at how many line changes it counts as author

Line counts are a terrible metric though

probably

Not stopping my 1-3 character changes from contrib

has anyone ever had vesktop crash with this error before
console output:

❯ vesktop
[Vencord] Installed React Developer Tools
(node:16521) ExtensionLoadWarning: Warnings loading extension at /home/meyer/.config/vesktop/ExtensionCache/fmkadmapgofadopljbjfkapdkoienihi:
  Manifest version 2 is deprecated, and support will be removed in 2024. See https://developer.chrome.com/docs/extensions/develop/migrate/mv2-deprecation-timeline for details.

(Use `electron --trace-warnings ...` to show where the warning was created)
[16521:0726/161043.779636:ERROR:atom_cache.cc(229)] Add chromium/from-privileged to kAtomsToCache
[16521:0726/161253.098815:ERROR:CONSOLE(2)] "Electron sandboxed_renderer.bundle.js script failed to run", source: node:electron/js2c/sandbox_bundle (2)
[16521:0726/161253.098846:ERROR:CONSOLE(2)] "TypeError: object null is not iterable (cannot read property Symbol(Symbol.iterator))", source: node:electron/js2c/sandbox_bundle (2)
^C^C

after this it freezes and needs to be killed

it's a bug with react developer tools being installed in electron

just doesnt affect everyone

managed to fix it by removing the extention
rm -rf ~/.config/Vencord/ExtensionCache/*

whats the point xd

🪦

Tbh idk why nobody did this earlier.
It wasn’t even that hard, just an hour of looking at the debugger and setting breakpoints to find the right place to patch

@fossil inlet and @dusk blaze should kill explode me for this comment I think

before vee yells at me the witty comments are totally just a coping mechanism

FUCK I NEED TO FIX SPN

AGAIN

FUCKING DISCORD

good idea?

Yes

"appi" :D

:D

how can you use software in finnish

it aint that bad

it is that bad

yeah its 1 fucking am

?remindme 14h fix spn, maybe

Alright @rugged spire, in 14 hours: fix spn, maybe

!remind 3hr look into this

Alright @fossil inlet, in 3 hours: look into this

@fossil inlet, <t:1722096210:R>: look into this

@fossil inlet, <t:1722107034:R>: look into this

oh thanks

i wasn't gonna do it until xiexe removed the udp stuff lol

bro i tried to go to files view and realized it's an issue and not a pr

i made the changes as a userplugin but forgot to pr

then reset my windows fadeaway

oh so it doesnt even need native anymore

cause u can connect to WS in browser

yeah

was added like couple months ago

and commit pinned files can still be modified by abusing git rebase
correct me if im wront, but isnt that the sha hash of the file not the git hash?

No, it's the commit id

But rebasing changes the hash

name checks out

I mean, they're persistent, I'll give em that

usually leads to a ban from the repository, but yep

!! the glowies are gonna hack vee and ruin my vencord!!

uwu

they do have a point

it looks more like a fridge than console

alternatively just replace it with this lol

No keep gamin fridge

nop

ive just figured out

if its not one that looks normal, its the console one

does discord really not have an console icon

Toaster!

ignore this one

@rugged spire, <t:1722087252:R>: fix spn, maybe

I do not like the fact how this didn't error now

and did another day

erm what the …?

^^

outdated branch

oh ok… got scare for a second

bro scared me

same

discord bouta push stuff to recreate that

maybe

fine

one part fixed

other part fixed

real

lovely response @turbid hatch

ty

Regarding that hotpink css debugging mode mentioned a few days ago — anyone else noticed that the -hsl variables all have invalid syntax? They're set to 330 100 71% when it should be 330 100% 71%

wha?

If you force load all webpack chunks everything becomes hotpink

FIRE

why does discord bundle that with the main release

Who knows

10/10 Design

Why is it triggered by simply loading a chunk rather than say, a css class

atleast u can still see it

im still on aliucord 😭

Love the [server] tag

@swift fjord @dapper tiger @fiery jungle BACKPORT NOW

polls uhh semi work 😭

cause more efficient

🙏

Has anyone looked into venmic implementation for macos, to get screenshare audio in vesktop.

you just need to use screen capture kit

I think

but also there's some issue or pr about this

note: Discord Desktop supports screen capture kit since late last year afaik

least hacked in debug option

I just read the google doc and kinda laughed

because even if the moyai.mp3 was on the vencord repo

I could still just change it

hop on normal pyoncord

the what

https://docs.google.com/document/d/1wcgi2XSdyWMlHS70KM4-Zh-pz1djKJMLGjlgWs89mBc/edit

lmao

its so bad

I'm still on vendetta

been talking a bit about it in #🌺-regulars

Hasn't broken yet so why switch

they're making a mountain out of a mole hill

LMAO

please tell me this was written by AI

I refuse to believe people that retarded actually exist

It's not AI (i think)

fully real

LMAOOO @limber skiff did u see this

yes LOL

I love merging vulnerabilities and ignoring the bot

can't believe you'd merge code with a deliberate security hole flagged by github 😔

bad maintainer

how dare project maintainers merge code without asking others to review it

that point was so funny

imagine telling Linus Torvalds that it's unfair bias that he can make changes to Linux code without asking others for approval

it's illegal to force commit ykk

thank god they didn't pay attention to the commit messages of our branches

LOL

they make meaningless commit messages like shskwnsodjsowowidkdjs...

just like us

what's even that lol project he was talking about 😭

where tf is that

I didn't see about that

Hope he finishes that "dev response" section

Should be pretty easy

Just "🤣"

what even is that milestone lmaoo

did megu make that

no idea I never touched that section

me neither xd

it's a meme from 2 years ago 😭

https://github.com/Vendicated/Vencord/pull/14

lmaooo

We are working on a document on how to migrate to better discord as a Vencord user for the time being
never used BD but aren't all plugins community-maintained or something? 🤔

We are working on a document on how to migrate to better discord as a Vencord user for the time being (contrary to popular belief, it really isn’t slower) and will be porting the Vencord plugins with no good alternatives to better discord.
(I personally did a quick look at better discord’s code, while it’s not great there were no major issues to write home about)
if you cared enough to make this 22 page document on vencord about how insecure it is you definitely would have realized how much worse bd is security wise

betterdiscord is actually insecure

unlike vencord

https://github.com/BetterDiscord/BetterDiscord/issues/442

still open from 4 years ago

BD also seems like a huge pain to write plugins for

betterdiscord contains a sandbox escape by design, which means that any code inside the browser sandbox can escape to the host and do anything on your system

this means that any plugin could technically do anything on your system, and if discord has an XSS it could much worsen the impact

this guy is about to suggest migrating to replugged next

Consider how hard it is to read bd plugins

it's fine, the average BD plugin dev is just awful at coding

consider that most bd users just decide to install plugins without looking into them too much which is just waiting for a token grabber

this is mostly outdated

the only point that still applies is the CSP

which vencord is also partially guilty of

probably yeah

ive been meaning to make csp more strict than it currently is

but you will always get user complaints

"buah I can't load my favourite font from http://totallynotavirus.ga/malware.ttf anymore"

as long as you don't patch the exploit im using

contrary to popular belief, it really isn't slower
My old laptop begs to differ

in hindsight I wonder why all mods used to be so insecure

there's no reason to enable node integration or disable context isolation

yet all mods did it

It sounds good on paper that mods are more powerful

the only reason is so you can use nodejs stuff in the browser but like just use ipc

probably one mod did and the rest went along with it

vencord has full nodejs capabilities via easy ipc

and is secure

meanwhile betterdiscord still exposes a shit ton of nodejs apis to the browser which enables sandbox escapes

really there's no reason a mod should have that

native.ts is peak

she doesn't know

The native.ts approach only works with statically loaded plugins, no?

So it wouldn't work on bd

i remember a long time ago if we'd load all discordrn modules the timestamps would become hindi

not necessarily

it can also be done dynamically at runtime

not hard

most of vencord's native.ts logic is at runtime

I'll admit that I haven't looked into how it works, since it doesn't work in userscript anyway

really all it is is:

1. send vencordPlugins.MyPlugin.myFuncName event from browser to main
2. look up MyPlugin in the plugin object
3. invoke its myFuncName method
4. return the result

could easily implement this in bd too

but they would have to change the plugin format

single format won't cut it

@scenic fog usually I check that badges look alright and if not i resize them but sometimes I forget

I checked yours too but it looked alright to me (on dark theme)

but it being modifiable at runtime means the issue is present again since you can create the logic you want and escape the context isolation

I have no idea why it looks so much worse on light theme lmao, but yes of course you can change it to a better cropped one

nah

not if you give no control to renderer

you only trust the main process

I see

and of course the logic for installing a plugin would be in the main

https://github.com/Vencord/Vesktop/commit/1f12d270ec94a6e78dd1a0ae4f0511e1ddfb0e83

since this allows the browser to change the folder vencord is loaded from to anything, you could abuse it

but it's hard to abuse because you would first need to somehow manage to deploy a malicious vencord install on the host and know the location of it. not really possible on vencord because there are no filesystem apis exposed

it's still a sandbox escape though technically so I wanted to fix it

on BetterDiscord it's much more severe because it allows you to write any file on the host

and also exposes an api that lets you open file:// urls

so you can write an executable then open it

or you can overwrite some discord file and it'll be run on next launch

or even patch other programs to deploy a virus

replugged also had a sandbox escape some time ago in their updater cause it allowed the renderer to replace replugged.asar with any asar

i reported it to them and they fixed it I think

elaborate whats wrong with current csp?

you could require hashes ?

like what the html integrity attr on link and script tags, idk if that is csp enforcable tho

isnt there no way to load hotload script tags in vencord at this point

patch helper eval is locked to dev build

What how

It’s not like it’s showing that your deafened to everyone

Fake deafen refers to the exact opposite

where it says you're deafened but you can still hear

Exactly

i would assume that gain is just set to 0 on web clients when deafened or something like that

i never looked at the code that it patches

i only read the patch itself

funny you say that i went to go make a snack

lmao

oh good catch

fixed now

typed a paragraph just to remember that patch groups exist

ppl keep doing it and it keeps doing the same thing

PSA: DONT RENAME YOUR DAMN BRANCHES PLEASE

my bad lulz

i fixed it

i hate git!!

real

im just tryna work on plugin

😭

I hate git can we just file upload everything and have no versioning

fr

just put all the code in a huge docx file

Entire codebase is now vencord.zip hosted on catbox

If you want to """pull""" """request""" you have to send a zip bomb file with your changes to vee

nah, megaup

vencord1.25.2.zip
vencord1.25.2-new.zip
vencord1.25.2-new-new.zip
vencord1.25.2-real-one.zip

nuh zippyshare

made the default list way better

idk if https://lite.duckduckgo.com should be there tho

https://github.com/Vendicated/Vencord/pull/2738/commits/20be1b5b42f05eb8c2529843f11758f6577d98ef

oki

added youtube instead of ddg lite

Alphabetical order when

Insert 1984 it can be done with a user app gif

Someone needs to make that

why are suggestions so BAD on embeds

could use diff formatting

suggestion

bro thinks base64 is private

lol

honestly if you want privacy in discord, you are better off using a different platform, its way too niche

😭

Discord can already decode it as soon as you send the message

If it was AES or whatever it would be something

(still very in secure considering you need to put some default password)

I have a ever growing collection of those gifs

bc its a custom thing for github

bet forgejo can do this 1000x better

i mean all it does is add a button to commit the change

Thinking about PRing my MessageLinkTooltip, but the existence of MessageLinkEmbeds makes that kinda awkward. They're similar enough in functionality that it's silly to have both, but have very little in common in implementation, so merging them into one feels weird. Thoughts?

@dusk blaze fun fact /?q= isnt actually needed to make a sreach on DuckDuck its unneeded filler

I’m saying this because you should submit the removal of that

the ?ia=web it’s just something that they add after the fact

why not do it yourself

I’m not going to be at my computer until late today and I don’t know how on phone

forgejo doesnt have suggestions

true

they should be merged

just noticed

you can rework this setting

display style

or smth like that

but have very little in common in implementation
how?

Probably was a better way to do that, but

the photo in question

I'm pretty sure I had a very good reason to implement fetching the message in a different way

But I don't remember what, so I guess I'll see what happens if I just use the existing fetcher

Looked into the Tooltip&Embed merge a bit more, and my conclusion is that it would get very messy, with bad code and poor ux.

• The settings don't make much sense
  • Using tooltip makes rich/automod choice quite redundant. Adding tooltip as a fourth choice would be one solution, but having three choices for three very similar options and one for something very different is unsatisfying
  • Background color is meaningless; it will have tooltip background
  • Black/whitelist isn't entirely nonsensical, but not very useful since you're already actively choosing to trigger it by hovering
• In embed mode it uses accessory api, while tooltip requires a patch. Is there any way to make a select setting require restart only on certain choices?
• Rendering is almost entirely different between the two cases. Pretty much the only common code between the modes is the webpack finds for ChannelMessage and MessageDisplayCompact.
• Message fetching logic also differs greatly
  • In embed mode, it uses a Queue to load all linked messages as fast as possible without spamming discord's servers.
    • It also caches results, but since MessageStore also stores the fetched messages this mainly seems to store load failures
  • In tooltip mode, we only want to load one message at a time, and we want that one to load as fast as possible
    • Sure, it's possible to have 50 message links and slide the mouse over them quickly, but is that edge case worth optimizing?
    • Caching failures doesn't seem useful here, and imo leads to a worse user experience. Load failure? Move the mouse off and try again
    • Tooltip mode also requires a loading spinner, which I don't know if it's easy to implement with the queue approach

So merging them would basically turn it into two different plugins under one name, with conflicting settings and vanishingly little common code. That's not something I'm willing to do as I don't like writing bad code.

i don't understand most of the concerns

you don't have to use the queue system

It would be two plugins under one name, sharing almost no code