| | is-buffer | buffer |
|---|---|---|
| | 2 | 2 |
| Stars | 93 | 1,778 |
| Growth | - | - |
| Activity | 0.0 | 5.9 |
| | about 3 years ago | about 2 months ago |
| Language | JavaScript | JavaScript |
| License | MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
is-buffer
- Ask HN: How do you (security) audit external software using NPM packages?
Yes, in this case I would put something like this on top of the file:
# Fork by TekMol of https://github.com/feross/is-buffer
buffer
- WebTorrent
Disclosure: I'm the author of WebTorrent.
It's so fulfilling to see WebTorrent still popping up on Hacker News after all these years. I started the project in 2013 and devoted most of my 20s to working on it, ultimately becoming a full-time open source maintainer, and writing hundreds of npm packages including buffer (https://github.com/feross/buffer), simple-peer (https://github.com/feross/simple-peer), and StandardJS (https://standardjs.com/).
I started WebTorrent with the goal of extending the BitTorrent protocol to become more web-friendly, allowing any browser to become a peer in the torrent network. Within less than a year of starting the project, I got WebTorrent fully working. And it worked _well_, beating many native torrent apps in terms of raw download speed and the ability to stream videos within seconds of adding a torrent.
WebTorrent never got as much attention as the cryptocurrency projects selling tokens throughout the mid-2010s, even though WebTorrent actually worked and had more real users than almost all of them :) I was never tempted to add a crypto-token to WebTorrent, despite many well-meaning friends telling me to do it. Nonetheless, WebTorrent served as an accessible on-ramp to the world of decentralized tech, along with other projects like Dat (https://dat-ecosystem.org/) and Secure Scuttlebutt (https://scuttlebutt.nz/).
But WebTorrent is more than a protocol extension to BitTorrent. We built a popular desktop torrent client, WebTorrent Desktop (https://webtorrent.io/desktop/), which supports powerful features like instant video streaming.
We also build a `webtorrent` JavaScript package (see https://socket.dev/npm/package/webtorrent) which implements the full BitTorrent/WebTorrent protocol in JavaScript. This implementation uses TCP, UDP, and/or WebRTC for peer-to-peer transport in any environment – whether Node.js (TCP/UDP), Electron (TCP/UDP/WebRTC), or the web browser (WebRTC). In the browser, the `webtorrent` package uses WebRTC which doesn’t require a browser plugin, extension, or any kind of installation to work.
If you’re building a website and want to fetch files from a torrent, you can use `webtorrent` to do that directly client-side, in a decentralized manner. The WebTorrent Workshop (https://webtorrent.github.io/workshop/) is helpful for getting started and teaches you how to download and stream a torrent into an HTML page in just 10 lines of code.
Now that WebTorrent is fully supported in nearly all the most popular torrent clients, including uTorrent, dare I say that we succeeded? It's been a long and winding journey, but I'm glad to have played a role in making this happen. Special shoutouts to all the open source contributors over the years, especially Diego R Baquero, Alex Morais,
P.S. If you're curious what I'm up to now, I'm building Socket (https://socket.dev). And there's actually a WebTorrent connection, too. Socket came out of a prior product we built called Wormhole (https://wormhole.app), an end-to-end encrypted file transfer application built using WebTorrent under-the-hood (Show HN thread: https://news.ycombinator.com/item?id=26666142). Like Firefox Send before it, security was a primary goal of Wormhole (see security details here: https://wormhole.app/security). But one area where we were lacking was in how we audited our open source dependencies. Like most teams building a JavaScript app, we had a large node_modules folder filled with lots of constantly updating third-party code. The risk of a software supply chain attack was huge, especially with 30% of our visitors coming from China. As most teams do, we enforced code review for all our first-party code. But similar to most teams, we were pulling in third-party dependencies and dependency updates without even glancing at the code (this is something that almost every company does today). We knew we needed to do better for our users. We looked around for a solution to analyze the risk of open source packages but none existed. So we decided to build Socket.
Socket helps developers ship faster and spend less time on security busywork by helping them safely find, audit, and manage OSS. Socket provides a comprehensive open source risk analysis. By analyzing the full picture – from maintainers and how they behave, to open-source codebases and how they evolve – we enable developers and security teams to identify risk from malware, hidden code, typo-squatting, misleading packages, permission creep, unmaintained or abandoned packages, and poor security practices. For one quick example, take a look at the risks we identified in this Angular.js calendar library: https://socket.dev/npm/package/angular-calendar/issues/0.30....
- Remember the Portfolio Insider Scam? They're back as TradeAlgo.
If someone is a web dev they could probably explain this better than me, but here it goes. This does NOT mean Feross has ANYTHING to do with the site. Feross published an open-source module (https://github.com/feross/buffer) for node.js that this site happens to use. There is likely 0 relation between the website and Feross considering that thousands of other websites use this module.
What are some alternatives?
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
simple-peer - 📡 Simple WebRTC video, voice, and data channels
byrnesjs - A JS library to push less trusted code outside Jack's Circle of Trust
node-datachannel - WebRTC For Node.js and Electron. libdatachannel node bindings.
magnet-uri - Parse a magnet URI and return an object of keys/values
webtorrent - ⚡️ Streaming torrent client for the web [Moved to: https://github.com/webtorrent/webtorrent]
isBuffer
stun - A Go implementation of STUN
ncc - Compile a Node.js project into a single file. Supports TypeScript, binary addons, dynamic requires.
Algorithm - Algorithm is a library of tools that is used to create intelligent applications.
file-type - Detect the file type of a file, stream, or data
diff - Simple diff library in pure Swift