Electron
libwebp
Electron | libwebp | |
---|---|---|
238 | 13 | |
112,430 | 1,941 | |
0.4% | 1.7% | |
9.8 | 8.8 | |
2 days ago | 5 days ago | |
C++ | C | |
MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Electron
-
Top 20 Javascript Libraries on Github
Repository: Electron
-
Electrifying Software: Electron
Electron GitHub Repository
-
Release Radar • February 2024 Edition
The team at Electron have been faithfully shipping new releases almost every single month. I think they had Christmas off 🤔. This popular framework has developers writing cross-platform desktop applications using JavaScript, HTML and CSS. The latest update depreciates some process events, and added new modules, APIs, methods, and more. Read into all the changes in the Electron release notes. This month, Electron also introduced a new formal RFC process.
-
The IDEs we had 30 years ago and we lost
VS Code has been crashing at launch in Wayland since more than eight months ago:
https://github.com/electron/electron/issues/37531
-
Design Systems with Web Components
So we talked a lot about the Atomic Design Principle, but you could just use that in any system and start creating. You could have Angular components, React Components, and Vue Components. But if you notice these don't easily work Everwhere. So the solution is to use Web Components because the modern browser can already understand these, and any Front-End framework can then utilize these components. You can use Electron for desktop (Slack, VSCode), PWA for both Android and iOS, and across all browsers Can I Use.
- Settings · Rulesets · electron/electron
-
How I got Wayland, Vulkan, and hardware acceleration working with Figma on Fedora 39.
I'm noticing a significant boost in performance, crisper text, and better power savings. The only shortcoming is that the window which Figma will run on will lose its shadow. This is due to a technical limitation with frameless windows on Linux.
-
Building Apps with Tauri and Elixir
For the longest time, building desktop apps was a daunting task to web developers. That is, until technologies like Electron made creating these apps more approachable to a wider audience. Today, we’ve got a wide array of native applications built with solutions like Electron, Tauri, Capacitor, and many more. While these are great solutions, sometimes configuration can be tricky and the applications we create can become somewhat bloated in terms of memory usage.
-
MS Teams & Electron libwebp 0-Day Vulnerability
Electron patch for version 27: https://github.com/electron/electron/pull/39823
-
CVE-2023-4863: Heap buffer overflow in WebP (Chrome)
It does, see [0]. Fun fact: Signal desktop, which uses Electron under the hood, is running without sandbox on Linux [1][2].
[0] https://github.com/electron/electron/pull/39824
[1] https://github.com/signalapp/Signal-Desktop/issues/5195
[2] https://github.com/signalapp/Signal-Desktop/pull/4381
libwebp
-
Google assigns a CVE for libwebp and gives it a 10.0 score
The thing that concerns me most is looking at the fix it is very difficult to see why this fix is correct. It also appears as there is lots of code without explicit bounds checks. It makes me worried because while the logic may be safe this makes the logic very complex. I wonder what the cost would be to add an explicit, local bounds check at every array access. This would serve as a backup that is much easier to verify. I suspect the cost would be relatively small. Small enough that I personally would be happy to pay it.
https://github.com/webmproject/libwebp/commit/902bc919033134...
This is also a great reminded that fuzzing isn't a solution to memory unsafe languages and libraries. If anything the massive amount of bugs found via fuzzing should scare us as it is likely only scratching the surface of the vulnerabilities that still lie in the code, a couple too many branches away from being likely to be found by fuzzing.
-
The WebP 0day
There's a follow-up fix, according to Debian[0]: https://github.com/webmproject/libwebp/commit/95ea5226c87044...
[0]: https://security-tracker.debian.org/tracker/CVE-2023-4863
-
CVE-2023-4863: Heap buffer overflow in WebP (Chrome)
The breakage [0] was introduced by the creator [1] of the project. If you want to audit 1674 commits over the past 12 years, it'd be easier to just audit the full project.
[0] https://github.com/webmproject/libwebp/commit/21735e06f7c1cb...
[1] https://github.com/webmproject/libwebp/commit/c3f41cb47e5f32...
- Convenient CPU feature detection and dispatch in the Magnum Engine
-
Whats going on with .webp and why are more and more internet images being converted to it?
If you like the command line, then you can use ffmpeg and ImageMagick, or use libwebp directly
-
What's up with people hating WebP?
The webp parser code is open source. Which means that even if Google decides to hide/obscure the code for webp, they'd legally not be allowed to prevent you from using older versions of the webp parser library. The only thing they could do is patent it, and then companies in the US (which has software patents, unfortunately) would have to pay royalties to decode it anyway; but here comes the next point
What are some alternatives?
tauri - Build smaller, faster, and more secure desktop applications with a web frontend.
libjpeg-turbo - Main libjpeg-turbo repository
dotenv - Loads environment variables from .env for nodejs projects.
Save-webP-as-extension - Firefox extension to overlay format and JPEG quality buttons on inline or stand-alone images for quickly saving a converted version of the image.
Eel - A little Python library for making simple Electron-like HTML/JS GUI apps
BrowserBoxPro - :cyclone: BrowserBox is Web application virtualization via zero trust remote browser isolation and secure document gateway technology. Embed secure unrestricted webviews on any device in a regular webpage. Multiplayer embeddable browsers, open source! [Moved to: https://github.com/BrowserBox/BrowserBox]
react-native - A framework for building native applications using React
image - [mirror] Go supplementary image libraries
puppeteer - Node.js API for Chrome
libavif - libavif - Library for encoding and decoding .avif files
cheerio - The fast, flexible, and elegant library for parsing and manipulating HTML and XML.
zlib-ng - zlib replacement with optimizations for "next generation" systems.