ssb-recps-guard

v2.3.1

guards against unencrypted messages being accidentally published!

Downloads

48

Readme

ssb-recps-guard

Guards against accidentally publishing messages publicly (i.e. unencrypted)

Works by hooking the publish method, so it must be installed as the LAST plugin.

Example usage

const Stack = require('secret-stack')
const caps = require('ssb-caps')


const stack = Stack({ caps })
  .use(require('ssb-db2'))
  .use(require('ssb-recps-guard'))  // << must be last

const config = {
  // see ssb-config for other needed config
  recpsGuard: {
    allowedTypes: ['contact', 'pub']
  }
}
const server = stack(config)

auto-blocked:

const unallowedMsg = {
  content: { type: 'profile' }
}

server.db.create(unallowedMsg, (err, msg) => {
  console.log(err)
  // => Error: recps-guard - no accidental public messages allowed!
})

config-allowed:

const allowedMsg = {
  content: { type: 'contact' }
}
// this type was allowed in our config (see above)

server.db.create(allowedMsg, (err, msg) => {
  console.log(msg.value.content)
  // => { type: 'contact' }
})

explicitly public:

const explicitPublicMsg = {
  content: { type: 'profile' },
  allowPublic: true
}

server.db.create(explicitPublicMsg, (err, msg) => {
  console.log(msg.value.content)
  // => { type: 'profile' }
})

private:

const privateMsg = {
  content: {
    type: 'profile',
    recps: ['@ye+QM09iPcDJD6YvQYjoQc7sLF/IFhmNbEqgdzQo3lQ=.ed25519']
  }
}

server.db.create(privateMsg, (err, msg) => {
  console.log(msg.value.content)
  // => VayTFa.....yZ3Wqsg==.box

  // NOTE: this is private, so it is allowed through and the content is encrypted
  // (in this example by ssb-private1, assuming that was installed)
})

NOTE that if you are using classic ssb-db, the API behaves the same:

const explicitPublicMsgDB1 = {
  content: { type: 'profile' },
  allowPublic: true
}

server.db.create(explicitPublicMsgDB1, (err, msg) => {
  console.log(msg.value.content)
  // => { type: 'profile' }
})

Installation

Because ssb-recps-guard hooks the publish method, you must install it as the LAST plugin. If you don't, other plugins may also hook publish and modify messages, which may break the guarantees this plugin tries to offer.

(actually we will now throw if anyone else tries to hook publish after this plugin!)

Config

You can configure ssb-recps-guard behaviour through the config you pass in when starting secret-stack:

{
  recpsGuard: {
    allowedTypes: [String]
  }
}

where allowedTypes is an Array of message types which are allowed to be published publicly.

Explicit bypass

Messages which would normally be blocked by the guard can bypass it by changing what's passed to the publish method to be of the form { content, allowPublic: true }

The content is what will be passed to the normal publish function.

Design: this is deliberately verbose to avoid accidental publishing. It also has the benefit that if ssb-recps-guard isn't installed, this publish will error because publish will expect the type to be in a different place.

API

You can check if ssb-recps-guard is installed in your server by looking to see if server.recpsGuard is present.

server.recpsGuard.allowedTypes => [String]

Returns a (sorted) Array of the types of messages which are allowed to be published publicly.
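
The decision described in the sections above, written out as a small stand-alone model. This is an added example, not code from ssb-recps-guard itself: decide, guardCreate and fakeCreate are hypothetical names, fakeCreate stands in for server.db.create, and treating an empty recps array as public is an assumption of the model.

```javascript
// Added illustration, not ssb-recps-guard's source. decide, guardCreate and
// fakeCreate are hypothetical names; fakeCreate stands in for server.db.create.
const GUARD_ERROR = 'recps-guard - no accidental public messages allowed!'

// Classify one input of the form { content, allowPublic? }.
function decide (input, allowedTypes) {
  const content = (input && input.content) || {}
  // Assumption of this model: only a non-empty recps array counts as private.
  if (Array.isArray(content.recps) && content.recps.length > 0) return 'private'
  if (input && input.allowPublic === true) return 'explicit-public'
  if (allowedTypes.includes(content.type)) return 'config-allowed'
  return 'blocked'
}

// Wrap a create function so that blocked inputs never reach it.
function guardCreate (create, config) {
  const allowedTypes = ((config.recpsGuard || {}).allowedTypes || []).slice().sort()
  function guarded (input, cb) {
    if (decide(input, allowedTypes) === 'blocked') return cb(new Error(GUARD_ERROR))
    // Forward the content only; the allowPublic marker stops at the guard.
    create({ content: input.content }, cb)
  }
  guarded.allowedTypes = allowedTypes
  return guarded
}

// Run constructed inputs (the README's four cases plus an empty recps list).
function runCases () {
  const published = []
  const fakeCreate = (input, cb) => {
    published.push(input) // record exactly what reached the store
    cb(null, { value: { content: input.content } })
  }
  const create = guardCreate(fakeCreate, { recpsGuard: { allowedTypes: ['pub', 'contact'] } })
  const cases = [
    { content: { type: 'profile' } },
    { content: { type: 'contact' } },
    { content: { type: 'profile' }, allowPublic: true },
    { content: { type: 'profile', recps: ['@constructed-feed-id.ed25519'] } },
    { content: { type: 'profile', recps: [] } }
  ]
  const errors = cases.map(c => {
    let message = null
    create(c, err => { message = err ? err.message : null })
    return message
  })
  return { errors, published, allowedTypes: create.allowedTypes }
}
console.log(runCases().errors)
```

In this model the private case reaches the store unencrypted; in a real stack the encryption is done by another plugin, as the README's private example notes.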