node-seccomp
handlebars-helpers
node-seccomp | handlebars-helpers |
---|---|
1 | 6 |
3 | 2,190 |
- | 0.6% |
0.0 | 0.0 |
over 2 years ago | 3 months ago |
C++ | JavaScript |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
node-seccomp
- Node.js packages don't deserve your trust
I was exploring the actual implementation[0] of a capabilities feature in Nodejs and was utilising seccomp (via libseccomp) on Linux at least to achieve a greater degree of security than might otherwise be possible by remaining in userland code. The idea is that you'd write your code, import whatever you like and define your capabilities upfront at initialisation. The problem is there's quite a big disconnect between what you are doing in JavaScript and what's happening with system calls in v8, libuv and the other native parts that it's difficult to predict what you need to block and what's actually going to happen. So I don't think my approach is really viable in a general sense, although capabilities in general I think would improve the situation if the wider community were to adopt the approach.
[0]. https://github.com/roryrjb/node-seccomp
handlebars-helpers
- @lrvick bought the expired domain name for the 'foreach' NPM package maintainer. He now controls the package which 2.2m packages depend on.
https://www.npmjs.com/package/handlebars-helpers, if anyone is curious.
- Node.js packages don't deserve your trust
- NPM package ‘ua-parser-JS’ with more than 7M weekly download is compromised
- BREAKING!! NPM package ‘ua-parser-js’ with more than 7M weekly download is compromised
- wait what!?
The biggest project that still depends on it is handlebars-helpers, which accounts for about half of the daily downloads. The other half are probably from installs of old versions of other libraries.
- SBCL: New in Version 2.1.0
I am actually using handlebars along with helpers https://github.com/helpers/handlebars-helpers to automatically generate sql, golang, json and jsx. cl-who is only for markup.
What are some alternatives?
ansi-italic - The color italic, in ansi.
deno-puppeteer - A port of puppeteer running on Deno
proposal-ses - Draft proposal for SES (Secure EcmaScript)
koa-hbs - Handlebars templates for Koa.js
rua - Build tool for Arch Linux providing control, review and jailed build options
regex - An implementation of regular expressions for Rust. This implementation uses finite automata and guarantees linear time matching on all inputs.
deno - A modern runtime for JavaScript and TypeScript.
NUnit - NUnit Framework
lodash - A modern JavaScript utility library delivering modularity, performance, & extras.
Serilog - Simple .NET logging with fully-structured events
MediatR - Simple, unambitious mediator implementation in .NET
pnpm - Fast, disk space efficient package manager