DailyJS

DailyJS

The JavaScript blog.


Tagcrypto
Featured

node modules security crypto vim

Node Roundup: 0.11.5, nvi, signobj

Posted on .

You can send in your Node projects for review through our contact form.

Node 0.11.5

Node 0.11.5 was released this week. This unstable version updates v8 and uv. It also includes fixes for buffer, child_process, dgram, fs, https, openssl, os, tls, and util.

The patch for fs by Trevor Norris is interesting (pull request) -- rather than writing strings to a buffer and then the disk, it changes fs.js and src/node_file.cc to write directly to the disk instead.

nvi

nvi (GitHub: mikesmullin / nvi, License: GPLv3, npm: nvi) by Mike Smullin is a 'very opinionated Vi clone'. I tried installing it with npm install -g nvi, but it wouldn't run; I had to check out the repository manually. It doesn't clone Vi or Vim in a way that I think it's fair to call 'clone' -- I can't seem to get hjkl to move the cursor, and the modes have been changed to include 'COMBO' mode instead of Normal mode which makes using it extremely confusing for a seasoned Vim veteran.

Despite all that, and the fact that the name nvi is a bad choice, I find the project interesting because making complex text user interfaces isn't an easy task. Also, Mike's nvi is focused on collaborative features, which potentially makes Node a great fit.

signobj

Django has a cryptographic API for setting and reading signed cookies, and presumably you can also use this to sign API responses for RESTful JSON APIs. Inspired by this, signobj (GitHub: Submersible / node-signobj, License: MIT, npm: signobj by Ryan Munro allows you to sign JSON data with a SHA-1 HMAC:

signobj() - Signs data with secret, you can also pass in some extra hidden data that is used when hashing. This can be useful if you're creating an access token, and you want it to become invalid when they change their password, and also don't want the password with the public data.

Ryan said he's been using it to sign cookies and localStorage sessions.

Featured

node modules webworkers p2p crypto

P, EasyWebWorker, OpenPGP.js

Posted on .

P

P (GitHub: oztu / p, License: Apache 2, npm: onramp, bower: p) by Ozan Turgut is a client-side library with a WebSocket server for creating P2P networks by allowing browser-to-browser connections.

The onramp Node module is used to establish connections, but after that it isn't necessary for communication between clients. The author has written up documentation with diagrams to explain how it works. Like other similar projects, the underlying technology is WebRTC, so it only works in Chrome or Firefox Nightly.

EasyWebWorker

EasyWebWorker (GitHub: ramesaliyev / EasyWebWorker, License: MIT) by RameĊŸ Aliyev is a wrapper for web workers which allows functions to be executed directly, and can execute global functions in the worker.

A fallback is provided for older browsers:

# Create web worker fallback if browser doesnt support Web Workers.
if this.document isnt undefined and !window.Worker and !window._WorkerPrepared  
  window.Worker = _WorkerFallback

The _WorkerFallback class is provided, and uses XMLHttpRequest or ActiveXObject.

The source code is nicely commented if you want to look at what it does in more detail: easy-web-worker.coffee.

OpenPGP.js

Jeremy Darling sent in OpenPGP.js (GitHub: openpgpjs / openpgpjs, License: LGPL), which is an OpenPGP implementation for JavaScript:

This is a JavaScript implementation of OpenPGP with the ability to generate public and private keys. Key generation can be a bit slow but you can also import your own keys.

Jeremy found that OpenPGP.js is used by Mailvelope, which is a browser extension that brings OpenPGP to webmail services like Gmail. That means Mailvelope can encrypt messages without having to upload a private key to a server.