Comments (13)
Libvips is a far superior to Image magick https://github.com/jcupitt/libvips
from crystal-libraries-needed.
Some weeks ago a saw [this one] (https://github.com/naqvis/crystal-vips)
from crystal-libraries-needed.
Though they are the de-facto standard for image manipulation, ImageMagick is a huge security risk. GraphicsMagick is way better, but still has lots of issues. I'd rather try to find a secure and stable image manipulation library to use in Crystal. I'm not sure about reasonable alternatives but we might as well look for it...
There is a proposal for VIPS #27 which is way faster but still relies on libmagick for less common image types. This was incorrect: libvips can use libmagick as a fallback but will use other libs if available
from crystal-libraries-needed.
magickwand-crystal may be as some alternative for now.
from crystal-libraries-needed.
@veelenga yep, I'm aware of it, yet for my taste it's rather unusable alternative, thus this issue.
from crystal-libraries-needed.
Why is ImageMagic a huge security risk?
from crystal-libraries-needed.
Because it is very poorly-written code, written back when the world wasn't full of actively-hostile attackers. Consider this recent news story:
yahoo_retires_imagemagick_library
And by recent, I mean: 21 May 2017
from crystal-libraries-needed.
I concur that yahoo has been a security risk over the last five years (I had an insignificant email account with them that was compromised twice).
from crystal-libraries-needed.
A list of ImageMagick CVEs: https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html
Though I wouldn't read too much into it. Implementing it ourselves isn't a magic bullet to make it bug free. It may have less whacky memory accesses, but OTOH, ImageMagick is pretty battle tested and will be for some time.
from crystal-libraries-needed.
libvips has to have
glib2.0-dev
. Other dependencies are optional, see below.
Not a fan of adding random dependencies, that alone makes it inferior.
from crystal-libraries-needed.
@Papierkorb me neither, yet libvips
is IMO worth goin' the extra mile...
from crystal-libraries-needed.
Imagemagick also has dependencies, it's just a lot easier to use apt-get/yum/etc to install them as a total package. Libvips not only processes images faster, it has a smaller memory footprint than both ImageMagick and GraphicsMagick. Maybe its just my imagination too, but the resized images look crispier shrug
from crystal-libraries-needed.
Any progress on this?
from crystal-libraries-needed.
Related Issues (20)
- walkdir library HOT 7
- Web scraper HOT 3
- Suggestion: port gem mimemagic from Ruby for significant (and fully platform agnostic) MIME type coverage
- Push notification service
- Port of impersonator gem
- fastimage shard HOT 3
- XMPP / Jabber client shard HOT 2
- Font renderer HOT 7
- Relational Algebra
- Math parser / evaluator HOT 6
- Flashtext port
- Tokyo Tyrant (Tokyo Cabinet server) HOT 4
- Python to Crystal converter HOT 3
- Data-parallelism library
- Algorithmic Trading Library
- integration with a browser recording library: playwright library / puppeteer library / something similar HOT 5
- A rewrite of Centrifuge use crystal
- Kubernetes API HOT 2
- RDF library
- HAML templating Shard HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crystal-libraries-needed.