npq
download-node-nightly-executable
npq | download-node-nightly-executable | |
---|---|---|
4 | 13 | |
863 | 0 | |
- | - | |
7.7 | 2.3 | |
3 months ago | 6 months ago | |
JavaScript | HTML | |
Apache License 2.0 | Do What The F*ck You Want To Public License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
npq
-
I wish more developers understood the constant stream of malware that is posted to npm
You might also want to look at npq which is an open source project that helps you proactively defend against potentially bad (malicious) npm packages before installing them.
-
The rising trend of malicious packages in open source ecosystems | Snyk
You just described my project called npq: https://github.com/lirantal/npq :-)
-
Packj sandbox for “safe installation” of Ruby gems
That's pretty cool. I was just recently publishing about Ruby gem lockfile injection attacks (read here: https://snyk.io/blog/ruby-gem-installation-lockfile-injection-attacks/). I also wrote something related to this for npm users, but not a sandbox, called npq: https://github.com/lirantal/npq/
-
npm package node-ipc was found to contain malicious code that wipes files on disk
In any case, proactively protecting against is indeed the more difficult thing to do, but also the rarer and sort of 0 day vulnerabilities that happen. That said, I built a module called npq (see here https://github.com/lirantal/npq/) that helps me, and others, countermeasure against these sort of malicious incidents. In light of recent malicious incidents, it calls for updating some of the capabilities there (referred to as marshalls)
download-node-nightly-executable
-
The massive bug at the heart of the npm ecosystem
npm never has to get written to or installed on your machine. download-node-nightly-executable.
-
I wish more developers understood the constant stream of malware that is posted to npm
WHat do you mean by "contribute"? I download only the node executable using download-node-nightly-executable to run native-messaging-nodejs, servers, or whatever else I decide to experiement on - without downloading any packages.
-
How to Install Node.js on Ubuntu 22.04 LTS | Configure Node.js and NPM |...
If you only need the node executable without npm, node_modules and the rest of the folders and files shipped in Node.js download archive you can use this https://github.com/guest271314/download-node-nightly-executable.
-
JSON compression in the browser, with gzip and the Compression Streams API.
I use DecompressionStream() to decompress the Node.js nightly release before extracting only the node executable from the tar archive https://github.com/guest271314/download-node-nightly-executable/blob/main/index.html.
-
[AskJS] What is your preferred solution to share and execute Node.js scripts ?
Yes. I create a file called node, touch node, set the file to executable chmod u+x node, then fetch the Node.js nightly release using this https://github.com/guest271314/download-node-nightly-executable, get rid of everything except the node executable, then run that node executable from the directory I download the file to. Then afterwards truncate the node execute to a file with 0 size, as it began as with
-
PSA: It is possible to run node executable without npm, node_modules, or package.json
Node.js does not publish a release containing only the node executable. That is why I wrote this https://github.com/guest271314/download-node-nightly-executable to fetch the Node.js nightly download, extract only the node executable, and get rid of everything else in the download that never reaches my file system.
-
Use SSH in browser
If you do not already have the node executable https://github.com/guest271314/download-node-nightly-executable.
-
Alternatives to local Node+npm dev environment? No admin rights. Unable to install dependencies over network.
Note: You can use node executable without using npm or npx at all download-node-nightly-executable. Create package.json including {"type":"module"} then you can import local .js files, e.g. https://github.com/guest271314/jsdom-extension/blob/main/background.js
-
Deno Native Messaging host
As to that point, FWIW, it is easier to download the Deno executable than the Node.js executable, because Deno only includes the executable i the download - Node.js include npm, npx, et al. That is why I wrote https://github.com/guest271314/download-node-nightly-executable to extract only the node executable for Node.js nightly download.
-
Node.js "Dependency Hell"
FWIW I wrote this https://github.com/guest271314/download-node-nightly-executable to fetch the node nightly executable from the release folder than contains npm because I have no use for npm nor packages. I just use node executable as a Native Messaging host, which does not require any dependencies, just the javaScript runtime, where I can call process.spawn() and thus execute any local JavaScript file or other application written in any programming language.
What are some alternatives?
pwndoc - Pentest Report Generator
node-red-contrib-primitive-status - Node-RED node that displays the primitive type of msg.payload in the nodes status.
safe-npm - safe npm time travel installs
botfuel-dialog - Botfuel SDK to build highly conversational chatbots
v8-vulnerabilities - Corpus of public v8 vulnerability PoCs.
nodejs-suite-demo - Examples of using DHTMLX Suite widgets with Node.js. Learn more about Suite:
lockfile-lint - Lint an npm or yarn lockfile to analyze and detect security issues
native-messaging-quickjs - QuickJS Native Messaging host
single-executable - This team aims to advance the state of the art in packaging Node.js applications as single standalone executables (SEAs) on all supported operating systems.
heroku-cra-node - ⚛️ How to use create-react-app with a custom Node server on Heroku
native-messaging-bash - Bash Native Messaging host.