Skip to content

Add LibraryIQ plugin#190

Open
wadforth wants to merge 4 commits into
SteamClientHomebrew:mainfrom
wadforth:add-library-iq
Open

Add LibraryIQ plugin#190
wadforth wants to merge 4 commits into
SteamClientHomebrew:mainfrom
wadforth:add-library-iq

Conversation

@wadforth

Copy link
Copy Markdown

Adds LibraryIQ as a PluginDatabase submodule.

LibraryIQ enhances the Steam Library sidebar with Steam review percentage badges, rating-based sorting/filtering, badge customisation, and a quick filter control.

Plugin repository:
https://github.com/wadforth/LibraryIQ

Tested:

  • bun run build
  • Steam launches with the plugin installed
  • Sidebar review badges render
  • Settings panel opens
  • Rating source/display options work
  • Quick filter appears in the Library

Notes:

  • LibraryIQ modifies the Steam Library UI through Millennium/React runtime patching.
  • Sorting/filtering is designed to work with Steam’s virtualised Library list.

@shdwmtr shdwmtr left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Plugin uses custom AI generated UI components on the Sidebar navigation. @steambrew/client had many builtin components, and you can refer to the PluginTemplate

@wadforth

Copy link
Copy Markdown
Author

Plugin uses custom AI generated UI components on the Sidebar navigation. @steambrew/client had many builtin components, and you can refer to the PluginTemplate

All custom UI elements have been replaced with the native components. Please review.

image

@wadforth wadforth requested a review from shdwmtr June 19, 2026 18:33
@PoorPocketsMcNewHold

PoorPocketsMcNewHold commented Jul 5, 2026

Copy link
Copy Markdown

Your plugin contains a malware nodeJS package.

https://github.com/wadforth/LibraryIQ/blob/054a7c245e27d7c8bebc39a8a58bcb674d99715a/bun.lock#L478

https://app.safedep.io/community/malysis/01K32N96RPJWBP3M37FVWGWXWF

https://www.npmjs.com/package/fs

󰣇  …/LibraryIQ   main   13:50  
 npm install
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm warn deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm warn deprecated glob@8.1.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm warn deprecated glob@8.1.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm warn deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
npm warn deprecated glob@11.1.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm error code E403
npm error 403 403 Forbidden - GET https://registry.npmjs.org/fs/-/fs-0.0.1-security.tgz
npm error 403 In most cases, you or one of your dependencies are requesting a package version that is forbidden by your security policy, or on a server you do not have access to.
npm error A complete log of this run can be found in: /home/pm/.npm/_logs/2026-07-05T11_50_41_957Z-debug-0.log

✗ Malicious package blocked

  - fs@0.0.1-security
    Reference: https://app.safedep.io/community/malysis/01K32N96RPJWBP3M37FVWGWXWF

✗ PMG: 84 packages analyzed, 1 blocke

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants