From e8b0857f113eacd6159bc15e6377f4f7129763e4 Mon Sep 17 00:00:00 2001
From: Michael Jackson
Date: Thu, 25 Aug 2016 12:47:13 -0600
Subject: [PATCH] Use a blacklist for bad packages

This addresses the primary concern in https://github.com/jsdelivr/jsdelivr/issues/13136
---
 PackageBlacklist.json | 3 +++
 modules/client/components/About.md | 4 ++++
 modules/server/ServerConfig.js | 1 +
 package.json | 2 +-
 4 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 PackageBlacklist.json

diff --git a/PackageBlacklist.json b/PackageBlacklist.json
new file mode 100644
index 0000000..bf52241
--- /dev/null
+++ b/PackageBlacklist.json
@@ -0,0 +1,3 @@
+{
+ "goodjsproject": true
+}
diff --git a/modules/client/components/About.md b/modules/client/components/About.md
index 1fdb612..94aa617 100644
--- a/modules/client/components/About.md
+++ b/modules/client/components/About.md
@@ -41,6 +41,10 @@ The goal of npmcdn is to provide a hassle-free CDN for npm package authors. It's
 
 npmcdn is not affiliated with or supported by npm, Inc. in any way. Please do not contact npm for help with npmcdn.
 
+### Abuse
+
+npmcdn blacklists some packages to prevent abuse. If you find a malicious package on npm, please take a moment to add it to [our blacklist](https://github.com/mjackson/npmcdn/blob/master/PackageBlacklist.json)!
+
 ### Feedback
 
 If you think this is useful, I'd love to hear from you. Please reach out to [@mjackson](https://twitter.com/mjackson) with any questions/concerns.
diff --git a/modules/server/ServerConfig.js b/modules/server/ServerConfig.js
index 130f043..522e535 100644
--- a/modules/server/ServerConfig.js
+++ b/modules/server/ServerConfig.js
@@ -14,3 +14,4 @@ export const bowerBundle = process.env.BOWER_BUNDLE || '/bower.zip'
 export const redirectTTL = process.env.REDIRECT_TTL || 500
 export const autoIndex = !process.env.DISABLE_INDEX
 export const redisURL = process.env.REDIS_URL
+export const blacklist = require('../../PackageBlacklist')
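Review bot: The only entry, `"goodjsproject": true`, carries no provenance, so a later maintainer cannot tell why the name was listed or whether it is safe to remove, and JSON has no comment syntax to record that beside it. I would make the value a short reason or report reference instead of a bare boolean, e.g. `"goodjsproject": "<reason or report link>"`, which stays truthy if the lookup only tests truthiness — the consumer is not in this diff, so that assumption needs checking. Note also that the list is keyed on bare package name, so one entry blocks every version of that name and cannot express a single bad release; that is a reasonable first cut but worth stating next to the file's link in About.md so contributors know what an entry means.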
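Review bot: `export const blacklist = require('../../PackageBlacklist')` mixes a CommonJS `require` into a file whose other lines use ES module syntax; if the server build transpiles `import` (as the surrounding `export const` lines suggest), `import blacklist from '../../PackageBlacklist.json'` keeps the file consistent and makes the JSON dependency explicit. Either way the file is read once when the module loads, so edits to PackageBlacklist.json take effect only after a restart or redeploy — a one-line comment would save a debugging session: `// Loaded once at startup; editing the file requires a restart`. Wherever `blacklist` is consulted (not in this diff), the check should be `Object.prototype.hasOwnProperty.call(blacklist, name)` rather than a plain `blacklist[name]` lookup, because a plain object also resolves inherited property names such as `constructor` or `toString`, which are syntactically valid package names and would otherwise be treated as listed.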
diff --git a/package.json b/package.json
index 99589b7..030325b 100644
--- a/package.json
+++ b/package.json
@@ -36,7 +36,7 @@
 "json-loader": "^0.5.4",
 "markdown-loader": "^0.1.7",
 "morgan": "^1.7.0",
- "npm-http-server": "^3.4.0",
+ "npm-http-server": "^3.6.0",
 "on-finished": "^2.3.0",
 "postcss-loader": "^0.9.1",
 "react": "^15.1.0",