Comments (9)
Those sound sensible
from crypto-browserify.
I like this idea as it seems to provide an adequate system of checks &
balances. It's probably better than what exists now.
On Mon, Nov 17, 2014 at 2:59 PM, Dominic Tarr [email protected]
wrote:
I've done something dumb and published a broken release more than once.
Given the seriousness of crypto, this is not acceptable, and we need a
better way.I'm thinking something along the lines of all releases should be a pull
request,
which are then validated and published by another contributor.
@calvinmetcalf https://github.com/calvinmetcalf, you have been putting
most of the work into this recently,
I could add you as an npm owner, and then one of us prepares a release,
but the other one publishes it.Alternatively, I've just added a prepublish test that would have prevented
3.4.0 getting out.
ce25939
ce25939Maybe this will be enough?
—
Reply to this email directly or view it on GitHub
#75.
Simple & Secure Bitcoin Wallet: https://www.coinbolt.com
Bitcoin / JavaScript: http://cryptocoinjs.com
Follow me on Twitter: http://twitter.com/jprichardson
from crypto-browserify.
Having a consistent process tends to be the most useful in my experience. While the above test might help against some problems, I am not sure it would have guarded against 3.4.0 as you would have still had sha.js in your node_modules folder unless you had done a clean install.
A release candidacy might be a good way to move forward, although for the scale of this lib it might be overkill. Perhaps publication could be offloaded to the CI server?
from crypto-browserify.
@thealphanerd you'd get an error for having an extraneous dep
from crypto-browserify.
when doing npm ls
from crypto-browserify.
OH AMAZING!!!! I did not know about that feature... I will now be slowly adding this to all of my modules 😄
from crypto-browserify.
Agreed with this.
However, just submitting a PR for all changes into the library in general would also have allowed for external review and probably have caught this particular issue.
Even things like ce25939 might have been caught by just giving the changes a tiny amount of breathing time out in the open (aka, in a PR).
from crypto-browserify.
yes, okay lets try it this way and see how it goes.
from crypto-browserify.
This has been the case for a while now. Seems to work well. Closing.
from crypto-browserify.
Related Issues (20)
- [Security] update browserify-sign to the latest HOT 3
- the argument to define auth tag length in crypto.createDecipheriv cannot work HOT 1
- generateKeyPair (Sync) missing HOT 3
- Special characters in encryption key - different output
- Add a quickstart guide to documentation HOT 1
- Add support for SHA3
- Usage without polyfills HOT 6
- Missing crypto.randomUUID HOT 1
- Missing crypto.getRandomValues
- typescript support HOT 5
- Module not found error while building react app on Ubuntu HOT 8
- Crypto Module not found
- Is there a reason crypto.subtle is missing in most polyfills including this one? HOT 1
- when using pbkdf2Sync with rollup getting createhmac is not a function
- Is this package safe to use in 2023? HOT 1
- feat: crypto.randomInt([min, ]max[, callback])
- Homepage in package.json is wrong (error 404) HOT 1
- Status of this project HOT 1
- Performance issue when running standalone HOT 8
- randomBytes is required from randombytes which requires from crypto HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crypto-browserify.