jsr | supabase
---|---
8 | 772
1,990 | 67,176
21.7% | 1.9%
9.5 | 10.0
4 days ago | 3 days ago
Rust | TypeScript
MIT License | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jsr
-
The new open source JavaScript package registry
JSR Web Page
-
Creating an OG image using React and Netlify Edge Functions
For example, here's an OG image for a workspace for jsr. JSR is the new JavaScript registry from the folks from Deno.
- Poolifier Web Worker version 0.3.15
-
Show HN: Drop SSH private keys in exchange for keygen via PRNG and Ed25519
(tldr; visit https://jsr.io/@key/gen-ssh-ed25519 for details)
I have a hot take: the ~/.ssh folder should NOT contain private keys.
A private key is generated on the first day of computer setup and remains there permanently. It will have mode 600 if not misconfigured, and may also have a passphrase for protection (you do ... do you?). So, what's the catch?
During its entire lifespan, which can be months or even years, those private keys can be compromised in just a matter of seconds. This could happen if someone types "curl -d" in the command line on your behalf during a coffee break, or if an NPM package with numerous intermediate dependencies has postinstall scripts that send it elsewhere. Even if it is guarded by a passphrase, ask yourself: how confident are you that the phrase you have will survive offline brute-force attacks?
ssh-agent to the rescue.
If you've enabled AddKeysToAgent and UseKeychain in your ~/.ssh/config file, you can safely remove your private key from the disk after it's automatically added to the ssh-agent (verify by ssh-add -L). This protects against all kinds of attacks; however, if you reboot your system, you'll need to set everything up again.
Thus the reproducible keygen comes into play. In a nutshell, instead of relying on entropy taken from /dev/random and letting the end user hold on to it safely forever (how?), let's use a well-configured PRNG (i.e. PBKDF2 - SHA512 - 400,000 rounds in 2024 from native webcrypto in this case) with better algos (Ed25519 instead of RSA) to generate the same private key on demand, on the fly. Once the private key is added to ssh-agent, just delete it from the disk. This greatly reduces the attack surface of the private key: no private key left means nothing to leak in the first place.
The last piece of the puzzle is coming up with a manageable salt/passphrase for the PRNG. This can vary depending on your threat modeling. I will provide a few examples for inspiration, but you should choose what works best for you:
- UUID generated from system entropy, put into ~/.ssh/config as a vague comment yet you can retrieve it later on
- a strong password generated by password managers and safely stored across multiple devices
- any git commit hash that is unrelated whatsoever, this can come from one of your side projects or even some opensource project, as long as you don't lose the trace from your mental memory
- Merkle tree root hash from any given height of the blockchain
- specific version of any pkg (i.e. npm or crates) tarball's checksum
- your favorite number multiplied by the year of choice and cubed, i.e. (42 * 2024) ^ 3
- chunk of pi digits
etc...
The program is released on JSR (https://jsr.io/@key/gen-ssh-ed25519) and designed to be executed by Deno, which is secure by default. It reads from command args and emits to stdout, without any file, network, or environment access.
Credit to Paul Miller and his NPM package (https://www.npmjs.com/package/ed25519-keygen) for the heavy lifting.
What is your opinion? Do you have any other suggestions or did you notice any oversights?
- JSR: The JavaScript Registry
supabase
-
Wasp x Supabase: Smokin’ Hot Full-Stack Combo 🌶️ 🔥
It was a great experience using Supabase’s rock-solid PostgreSQL database for this app. The DX around that product is phenomenal: viewing and managing the DB data was a lifesaver when you don’t want to craft your own admin panel from scratch.
-
How I migrated from Firebase to Supabase
I didn't really give much thought as to which backend I would use. I already had 2 projects in Supabase (BOXCUT & MineWork), but also a few projects in Firebase too. I was more concerned at the time with actually building the product.
-
How to get free Postgres
Sign up for Supabase: Head over to Supabase and sign up. Create a new workspace and project with your preferred names.
-
Creating a Pokémon guessing game using Supabase, Drizzle, and Next.js in just 2 hours!
Setting up Supabase: Create a new Supabase project, and get the connection string for the database from settings > database.
-
How To Make An Insanely Fast AI App (Supabase, LLAMA 3 and Groq)
Supabase (start for free)
-
Building a self-creating website with Supabase and AI
Built with Supabase, Astro, Unreal Speech, Stable Diffusion, Replicate, Metropolitan Museum of Art
-
How I built a Markdown Rendered Blog using Supabase and Chakra UI
Supabase will be used for storing article data in the database and the cover image of the article in storage. Chakra UI will be used to provide style to the elements. By using both, we can build the blog with ease.
-
I got #1 Product of the Day on Product Hunt without Spending a Dollar
For AutoRepurpose, I opted for Supabase as the backbone of the backend. It has reliably supported Penelope AI, which garnered over 15k users in 2022 without any issues.
-
AI Inference now available in Supabase Edge Functions
Semantic search demo
-
Creating an OG image using React and Netlify Edge Functions
1. Create a new Supabase project: Visit Supabase and create a new project.
What are some alternatives?
Appwrite - Your backend, minus the hassle.
pocketbase - Open Source realtime backend in 1 file
nhost - The Open Source Firebase Alternative with GraphQL.
neon - Neon: Serverless Postgres. We separated storage and compute to offer autoscaling, code-like database branching, and scale to zero.
next-auth - Authentication for the Web.
Hasura - Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.
Directus - The Modern Data Stack 🐰 — Directus is an instant REST+GraphQL API and intuitive no-code data collaboration app for any SQL database.
faunadb-js - Javascript driver for Fauna v4
vitess - Vitess is a database clustering system for horizontal scaling of MySQL.
postgrest - REST API for any Postgres database
Strapi - 🚀 Strapi is the leading open-source headless CMS. It’s 100% JavaScript/TypeScript, fully customizable and developer-first.
realtime - Broadcast, Presence, and Postgres Changes via WebSockets