node-seccomp
Low level libseccomp bindings for Node.js (by roryrjb)
proposal-ses
Draft proposal for SES (Secure EcmaScript) (by tc39)
Our great sponsors
| node-seccomp | proposal-ses | |
|---|---|---|
| 1 | 5 | |
| 3 | 213 | |
| - | 0.0% | |
| 0.0 | 0.0 | |
| over 2 years ago | about 3 years ago | |
| C++ | HTML | |
| MIT License | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
node-seccomp
Posts with mentions or reviews of node-seccomp.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-04-11.
-
Node.js packages don't deserve your trust
I was exploring the actual implementation[0] of a capabilities feature in Nodejs and was utilising seccomp (via libseccomp) on Linux at least to achieve a greater degree of security than might otherwise be possible by remaining in userland code. The idea is that you'd write your code, import whatever you like and define your capabilities upfront at initialisation. The problem is there's quite a big disconnect between what you are doing in JavaScript and what's happening with system calls in v8, libuv and the other native parts that it's difficult to predict what you need to block and what's actually going to happen. So I don't think my approach is really viable in a general sense, although capabilities in general I think would improve the situation if the wider community were to adopt the approach.
[0]. https://github.com/roryrjb/node-seccomp
proposal-ses
Posts with mentions or reviews of proposal-ses.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-09-27.
- Draft Proposal for SES (Secure EcmaScript)
- Named Element IDs Can Be Referenced as JavaScript Globals
-
What to learn in 2022
Sadly, the BitC language never got finished and its Wikipedia article was removed in 2017, but meanwhile the capability model surfaced in the form of Secure ECMAScript and WebAssembly System Interface.
- Node.js packages don't deserve your trust
-
Future Javascript: ShadowRealms
Anyone know how ShadowRealms differs from SES? https://github.com/tc39/proposal-ses
What are some alternatives?
When comparing node-seccomp and proposal-ses you can also consider the following projects:
ansi-italic - The color italic, in ansi.
tldr-sh-client - Simplified and community-driven man pages
rua - Build tool for Arch Linux providing control, review and jailed build options
EventSource - a polyfill for http://www.w3.org/TR/eventsource/
npmrank - npm dependencies graph metrics
Odin - Odin Programming Language