How to Address Unauthorized Code Implementation in Pipedream Component Scaffolding for CSVBox?

This topic was automatically generated from Slack. You can find the original thread here.

I work at CSVBox, and we had requested Pipedream to create a component scaffolding for us. However, someone from outside our organization somehow implemented code in it, and their pull request was even accepted, which is completely wrong. What should we do now? Raised PR was [Components] CsvBox new components by jcortes · Pull Request #18942 · PipedreamHQ/pipedream · GitHub

What should we do in this case?

I’m sorry to hear about this situation—it sounds frustrating and concerning. Here are the steps you should take:

1. Contact Pipedream Support Immediately: Since this involves a security and process issue (external contributor code merged into your requested component), you should reach out to Pipedream support for urgent assistance. They can investigate how this happened, review the PR, and help you take corrective action. Please visit Support - Pipedream to contact their team directly.
2. Review the Pull Request and Code:
   - Audit the code that was merged for any potential security issues or logic errors.
   - Check if any sensitive information was exposed or if the code could impact your users.
3. Request a Revert or Correction:
   - If the PR should not have been merged, ask Pipedream to revert the changes or work with them to submit a corrected PR from your organization.
4. Clarify Contribution Process:
   - Ask Pipedream how this external contribution was allowed and what safeguards can be put in place to prevent it in the future.
   - Ensure that future requests for custom components are handled in a private or restricted manner.
5. Internal Communication:
   - Inform your team about the incident and any steps being taken.
   - Review your own processes for requesting and reviewing third-party code.

If you need to escalate or want a direct line to a human for urgent support, again, please use Support - Pipedream. Let me know if you need help drafting a message to Pipedream or if you have any other questions about this process.

Hi, Pipedream is open source, so contributing is not limited to only the app providers, but we definitely encourage you to go ahead and contribute.

The PR you linked was developed by our components team. Feel free to submit another PR adding or fixing functionalities and we’ll review it 🙂

@U09KDHHPW03 just to add to @U03EGTE5WC8’s input, here are relevant links for Contributing: overview; you’ll use the Component API when building components. Users new to Pipedream can sign up here, with free tiers available.

@URV1X5N2H, Thank you for your response. I would like to mention that the internal work related to this has been handled by the CSVBox team. Additionally, the component has already been fully developed, and a new PR has been created for it. Kindly review the PR. https://github.com/PipedreamHQ/pipedream/pull/18982. If any other assistance is needed from me, I’ll be happy to help you.

Please check this PR out… apparently it is still awaiting your review, though you may have this on the radar: https://github.com/PipedreamHQ/pipedream/pull/18982