vm2
Protobuf
vm2 | Protobuf | |
---|---|---|
14 | 174 | |
3,826 | 63,731 | |
- | 0.5% | |
4.5 | 10.0 | |
about 2 months ago | about 7 hours ago | |
JavaScript | C++ | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vm2
- Vm2 discontinued due to unfixable security issues
- VM2 (Puppeteer Dependency) Is Deprecated Due to Critical Security Issues
- NPM package vm2 is no longer secure
-
CVE-2023-29017 / Query Help
Sandbox Escape · Advisory · patriksimek/vm2 · GitHub
- Sandbox Escape in VM2 - designed to run untrusted code in an isolated context on Node.js servers - used by integrated development environments (IDEs) and code editors, function-as-a-service (FaaS) solutions, pen-testing frameworks, security tools, and various JavaScript-related products
- Does reinitializing a new vm cause memory leak when using vm2?
- Is there a way to destroy the vm when using vm2?
-
What is the purpose of 'vm' module?
There are projects like vm2 based on vm, but they seem to be offer best-effort solutions for avoiding frequently discovered vulnerabilities, and cannot guarantee safety in general.
-
[AskJS] How to security test JS playground?
Here is link number 1 - Previous text "vm2"
-
Run untrusted code in sandbox
Something like this? https://github.com/patriksimek/vm2
Protobuf
-
Hitting every branch on the way down
It's because they changed the versioning format: https://github.com/protocolbuffers/protobuf/releases?page=5
But I suppose old version still receive bugfixes.
-
Reverse Engineering Protobuf Definitions from Compiled Binaries
For at least 4 years protobuf has had decent support for self-describing messages (very similar to avro) as well as reflection
https://github.com/protocolbuffers/protobuf/blob/main/src/go...
Xgooglers trying to make do on the cheap will just create a Union of all their messages and include the message def in a self-describing message pattern. Super-sensitive network I/O can elide the message def (empty buffer) and any for RecordIO clone well file compression takes care of the definition.
Definitely useful to be able to dig out old defs but protobuf maintainers have surprisingly added useful features so you don’t have to.
Bonus points tho for extracting the protobuf defs that e.g. Apple bakes into their binaries.
- Show HN: AuthWin – Authenticator App for Windows
-
Create Production-Ready SDKs With gRPC Gateway
gRPC Gateway is a protoc plugin that reads gRPC service definitions and generates a reverse proxy server that translates a RESTful JSON API into gRPC.
-
Create Production-Ready SDKs with Goa
To use more recent versions of protoc in future applications, you can download them from the Protobuf repository.
-
Roll your own auth with Rust and Protobuf
Use the Protobuf CLI protoc and the plugin protoc-gen-tonic.
-
Add extra stuff to a “standard” encoding? Sure, why not
> didn’t find any standard for separating protobuf messages
The fact that protobufs are not self-delimiting is an endless source of frustration, but I know of 2 standards:
- SerializeDelimited* is part of the protobuf library: https://github.com/protocolbuffers/protobuf/blob/main/src/go...
- Riegeli is "a file format for storing a sequence of string records, typically serialized protocol buffers. It supports dense compression, fast decoding, seeking, detection and optional skipping of data corruption, filtering of proto message fields for even faster decoding, and parallel encoding": https://github.com/google/riegeli
-
Block YouTube Ads on AppleTV by Decrypting and Stripping Ads from Profobuf
It looks like it is in fact universal. Just glancing at the code here, it looks like the tool searches any arbitrary file for bytes that look like encoded protobuf descriptors, specifically looking for bytes that are plausibly the beginning of a FileDescriptorProto message defined here:
https://github.com/protocolbuffers/protobuf/blob/main/src/go...
This takes advantage of the fact that such descriptors are commonly compiled into programs that use protobuf. The descriptors are usually embedded as constant byte arrays. That said, not all protobuf implementations embed the descriptors and those that do often have an option to inhibit such embedding (at the expense of losing some dynamic introspection features).
- How to learn to use protoc in 21 easily infuriating steps
-
What's involved in protobuf encoding?
Not much. You can check the source code in https://github.com/protocolbuffers/protobuf. For example, for serializing a boolean in C#: https://github.com/protocolbuffers/protobuf/blob/main/csharp/src/Google.Protobuf/WritingPrimitives.cs#L165. Strings and objects are a bit more complicated, but it is all about turning the data into its byte representation.
What are some alternatives?
deno - A modern runtime for JavaScript and TypeScript.
FlatBuffers - FlatBuffers: Memory Efficient Serialization Library
TypeScript - TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
SBE - Simple Binary Encoding (SBE) - High Performance Message Codec
JS-Interpreter - A sandboxed JavaScript interpreter in JavaScript.
MessagePack - MessagePack implementation for C and C++ / msgpack.org[C/C++]
jk - Configuration as Code with ECMAScript
cereal - A C++11 library for serialization
sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
Apache Parquet - Apache Parquet
rfcs - Public change requests/proposals & ideation
Bond - Bond is a cross-platform framework for working with schematized data. It supports cross-language de/serialization and powerful generic mechanisms for efficiently manipulating data. Bond is broadly used at Microsoft in high scale services.