npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hoodiecrow

v1.3.30

Published

Mail App with integrated OpenPGP encryption.

Downloads

55

Readme

Hoodiecrow Build Status

Hoodiecrow is a community supported fork of Whiteout Mail an easy to use email client with integrated OpenPGP encryption written in pure JavaScript. Unlike Whiteout, Hoodiecrow focuses on providing an optimized user experience for Google Mail users via the REST based Gmail api, instead of supporting all standard mail servers via IMAP/SMTP.

Screenshot

Privacy and Security

We take the privacy of your data very seriously. Here are some of the technical details:

  • The code has undergone a full security audit by Cure53.

  • Messages are encrypted end-to-end using the OpenPGP standard. This means that only you and the recipient can read your mail. Your messages and private PGP key are stored only on your computer (in IndexedDB).

  • Users have the option to use encrypted private key sync if they want to use Hoodiecrow on multiple devices.

  • Content Security Policy (CSP) is enforced to prevent injection attacks.

  • HTML mails are sanitized with DOMPurify and are rendered in a sandboxed iframe.

  • Displaying mail images is optional and opt-in by default.

  • TLS is used to protect your password and message data in transit.

  • The app is deployed as a signed Chrome Packaged App with auditable static versions in order to prevent problems with host-based security.

  • The app can also be used as a Progressive Web App from any modern web browser using the new Service Worker apis. Please keep in mind that this mode of operation is not as secure as using the signed packaged app, since users must trust the webserver to deliver the correct code. This mode will still protect user against passive attacks like wiretapping (since PGP and TLS are still applied in the user's browser), but not against active attacks from the webserver. So it's best to decide which threat model applies to you.

Reporting bugs and feature requests

  • You can just create an issue on GitHub if you're missing a feature or just want to give us feedback. It would be much appreciated!

Testing

You can download a prebuilt bundle under releases or build your own from source (requires node.js, grunt and sass):

npm install && npm test

This will download all dependencies, run the tests and build the Chrome Packaged App bundle release/hoodiecrow_DEV.zip which can be installed under chrome://extensions in developer mode.

Development

For development you can start a connect dev server:

grunt dev

Then visit http://localhost:8580/dist/#/account?dev=true for front-end code or http://localhost:8580/test/unit/ to test JavaScript changes. You can also start a watch task so you don't have rebuild everytime you make a change:

grunt watch

Releasing Chrome App

grunt release-test --release=0.0.0.x
grunt release-stable --release=0.x.0

Deploying Web App & Selfhosting

The App can be used either as a Chrome Packaged App or just by hosting it on your own trusted web server. You can build the app from source.

Build from source

Clone the git repository

git clone https://github.com/tanx/hoodiecrow.git

Build and generate the dist/ directory:

npm install && grunt

Running the server

To test the server, start it in development mode (without SSL):

node server.js --dev

Navigate to http://localhost:8889 (or whatever port is set using the PORT environment variable).

To start the server for production use (this automatically redirects to https)

npm start

A note on security: The app should not be used without SSL so it's best to set up a reverse proxy or Loadbalancer with your SSL certificates.

To start the server in development mode (no forced HTTPS, iframe loads http content), run node server.js --dev

License

See the LICENSE.txt file.

Third party libraries

We work together with existing open source projects wherever possible and contribute any changes we make back upstream. Many of theses libraries are licensed under an open source license. Here are some of them:

  • OpenPGP.js (LGPL license): An implementation of OpenPGP in Javascript
  • email.js (MIT license): IMAP, SMTP, MIME-building and MIME-parsing engine
  • Forge (BSD license): An implementation of TLS in JavaScript