libs-team | ua-parser-js
---|---
13 | 29
107 | 8,614
1.9% | -
6.3 | 8.4
3 months ago | about 2 months ago
Rust | JavaScript
Apache License 2.0 | GNU Affero General Public License v3.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
libs-team
- Error when using cxx to link a Rust-written library in a C++ project
In rust, both release and debug builds use a release version of the runtime. The bugs the debug version is meant to catch are much more difficult to hit in rust (often but not always requiring unsafe). There isn't currently a feature to use the debug runtime in rust-- you can only change C to match for those debug builds.
- log is going to bump msrv to 1.60
Note that this has been discussed at length (and I do mean "at length") here: https://github.com/rust-lang/libs-team/issues/72
- Why We Love Rust: Ferris Is Only Part Of It
The Compiler Team, especially the Diagnostics Working Group that improves compiler error messages. The Libs Team, for work on the contents of the standard library documentation
- Rust in 2023: Growing Up
See https://github.com/rust-lang/libs-team/issues/72#issuecommen... for what I believe is an exhaustive list of possible ways of helping the situation.
- time: MSRV policy is changing beginning 2023-07-01 to N-2 rustc versions
The point is how the MSRV of a popular crate affects this dynamic for other crates. For an even more extreme example than time, see here for libc, with many heavyweights offering opinions: https://github.com/rust-lang/libs-team/issues/72
- What are binary crate MSRV policy best practices?
In case you haven't seen it yet, there is a very long discussion surrounding MSRV policy of the libc crate on rust-lang's GitHub repo. It's about a library, not a binary, but I think there's a lot of information in the thread, some of which will also apply to binaries.
- (pre-announcing) clap 4.0, a Rust CLI argument parser
Would you mind sharing your use case for being stuck with a particular version of Rust and why you can't upgrade? In particular with the libs team: https://github.com/rust-lang/libs-team/issues/72
- Azure CTO: “It's time to halt starting any new projects in C/C++ ”
Compare Stepanov's brilliant design of the STL to Rust's current reworking of their 'binary search api'. https://github.com/rust-lang/libs-team/issues/81
Maybe 'memory safety' isn't the most important thing in this world. To me, writing software that does useful things in the simplest and most correct way is what matters. I get the feeling it's harder to understand my program's correctness with Rust (I mean algorithmic correctness). The C++ standard library has time and space complexity for every algorithm. I'm not seeing that's the case with Rust (correct me if I'm wrong).
- Is anyone actually stuck on an old version of Rust
There's also the pretty fundamental libc crate that wants to choose an MSRV policy and you can see the full discussion here: https://github.com/rust-lang/libs-team/issues/72
- For Rust, I have never seen a real-world project that contains a million lines of code, nor more than 1000 components here.
ua-parser-js
- Tell HN: Microsoft Teams is blocking Firefox Nightly
Just look at all the big companies doing it
https://faisalman.github.io/ua-parser-js/
- Liguard - The Linode Guard
This project is backed under MIT License, special shout out to project UA-Parser, as liguard uses a piece of its source-code.
- Modern PHP
With NPM, what's actually published is not what's in the git repo, so it's harder to inspect/review vulnerabilities or hijacking. With composer, what's in git _is_ what composer pulls (with the exception of rules in .gitattributes to exclude files etc), making it much easier to trace. One such example: https://github.com/faisalman/ua-parser-js/issues/536
Composer packages are vendor namespaced, so hijacking an abandoned package is not possible (and it is with NPM), some examples like https://www.theregister.com/2021/08/10/github_npm_package/
- Some developers are fouling up open-source software
Sure, I suppose in theory it could happen with other ecosystems, but for some reason it doesn't. It sure seems to just keep happening in NPM though.
- Vulnerable and Outdated Components
From the other side, an npm package may be hijacked (as happened recently for ua-parser-js and to other packages earlier). To mitigate that, I don't know, probably, subscribing to some security digest would be the most helpful.
- Red Hat response to Java release cadence change
- Secure software supply chain: why every link matters
On Oct. 22, 2021, developers of a very common NPM package, ua-parser-js, discovered that some attackers uploaded a compromised version of the package containing malware for Linux and Windows, and were capable of stealing data (at least passwords and cookies from the browser).
- Thoughts on improving security of Neovim plugins
Since the Neovim 0.5 release (which has full Lua support) I see more and more amazing Lua plugins being developed, and I think this trend will likely continue. But I recently got more concerned about security risks associated with the way Neovim plugins are being installed and used (especially after seeing recent compromises like ua-parser-js or coa). Installing a typical Neovim plugin is basically downloading and executing random code from the internet on your machine with your user privileges, so a hijacked or deliberately malicious plugin could potentially do a lot of damage (like stealing keys/passwords, installing a keylogger or just rm -rf / for fun).
- Hidden XMRig miner malware discovered in hijacked versions of popular ua-parser-js npm library
thread about compromise https://github.com/faisalman/ua-parser-js/issues/536
- Malware Discovered in Popular NPM Package, ua-parser-js
What are some alternatives?
awesome-rust - A curated list of Rust code and resources.
react-device-detect - Detect device, and render view according to detected device type.
meta-rust - OpenEmbedded/Yocto layer for Rust and Cargo
bowser - a browser detector
docs.rs - crates.io documentation generator
remarkable - Markdown parser, done right. Commonmark support, extensions, syntax plugins, high speed - all in one. Gulp and metalsmith plugins available. Used by Facebook, Docusaurus and many others! Use https://github.com/breakdance/breakdance for HTML-to-markdown conversion. Use https://github.com/jonschlinkert/markdown-toc to generate a table of contents.
namespacing-rfc - RFC for Packages as Optional Namespaces
enquirer - Stylish, intuitive and user-friendly prompts, for Node.js. Used by eslint, webpack, yarn, pm2, pnpm, RedwoodJS, FactorJS, salesforce, Cypress, Google Lighthouse, Generate, tencent cloudbase, lint-staged, gluegun, hygen, hardhat, AWS Amplify, GitHub Actions Toolkit, @airbnb/nimbus, and many others! Please follow Enquirer's author: https://github.com/jonschlinkert
sccache - Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage.
Serilog - Simple .NET logging with fully-structured events
sled - the champagne of beta embedded databases
pnpm - Fast, disk space efficient package manager