js tooling to help prevent attacks from evil dependencies.
webpack plugin for creating bundles protected by the LavaMoat kernel.
kumavis
/ mm-Explore.svg
Created
May 5, 2021 07:30
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
kumavis
/ gist:349fc16c8101d1dcb0fe4f9e34296005
Created
April 10, 2021 02:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| . | |
| ,d88b, . __..- | |
| 888888 . .--SEAL:. | |
| `?88P' . __ ,'WWII::. | |
| .MW:`-. /WWII::.. | |
| . _.MWII:'. `. . ,'WII::.. | |
| _.-MWII::'. `-. ,'WWI::. | |
| . _..vvvv,'WWII::' `.'WII::. | |
| ,-'WI:'''/WII:'. \WI:. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env node | |
| const { promisify } = require('util') | |
| const sass = require('sass') | |
| const { promises: fs } = require('fs') | |
| const vm = require('vm') | |
| // example() | |
| // async function example(){ | |
| // const vmContext = vm.createContext() |
kumavis
/ gist:ab0e6ab555362c5e479d6311c4540bbd
Created
November 30, 2020 09:36
go-ethreum mainnet fast sync performance on digital ocean
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| syncing geth on digital ocean | |
| - name: eth2-mainnet-00 | |
| - sync time: (failed to sync, bound by disk perf) | |
| - region: fra1 | |
| - type: s-8vcpu-16gb | |
| - primaryDb: attached volume | |
| - ancientDb: attached volume | |
| - price vps: $0.119/hr | |
| - price volume: $0.052/hr 350gb |
kumavis
/ gist:e02d67bf463bd2b387d45b080c463872
Created
September 3, 2020 02:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://www.redfin.com/OR/Portland/6109-SW-Thomas-St-97221/home/173018992?utm_source=android_share&utm_medium=share&utm_nooverride=1&utm_content=link | |
| https://www.redfin.com/OR/Portland/3246-SW-Cascade-Ter-97205/home/26369492?utm_source=android_share&utm_medium=share&utm_nooverride=1&utm_content=link |
kumavis
/ gist:83a8c21b03998e0d2173c2a5478b7835
Created
August 25, 2020 09:03
comparison of guybedford's Secure Modular Runtimes proposal to LavaMoat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hi guybedford/ | |
| i really enjoyed your blog post https://guybedford.com/secure-modular-runtimes.html | |
| here's some quick notes comparing your proposal and lavamoat in its current form (https://github.com/lavamoat/lavamoat) | |
| these differences represent lavamoat currently, and can easily be changed with input from smart folks like yourself | |
| ### basic runtime structure | |
| [exactly] "this runtime can fully restrict high-level capability access from packages for third-party code running in the same process" | |
| [exactly] "That this runtime can support an onramp from the existing JavaScript ecosystems, which is crucial for adoption. " |
kumavis
/ createModuleInspector.js
Created
August 19, 2020 02:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const { builtinModules: builtinPackages } = require('module') | |
| // lavamoat-core@5.0.0 | |
| const { createModuleInspector } = require('lavamoat-core') | |
| const inspector = createModuleInspector({ | |
| // used to see if this imports builtins | |
| isBuiltin: (name) => builtinPackages.includes(name), | |
| // adds some notes on ses compat, etc | |
| includeDebugInfo: true, | |
| }) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const { makeStringTransform } = require('browserify-transform-tools') | |
| module.exports = makeStringTransform('lavamoat-browserify-workarounds', { excludeExtension: ['.json'] }, (content, _, cb) => { | |
| const result = content | |
| // fix html comments | |
| .split('-->').join('-- >') | |
| // fix direct eval | |
| .split(' eval(').join(' (eval)(') | |
| .split('\neval(').join('\n(eval)(') |
kumavis
/ gist:cfec971e3224252f038a8ae575925b3e
Last active
December 5, 2019 14:08
more javascript hijinks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| > x = 'hello' | |
| 'hello' | |
| > x.toString = () => 'ayy' | |
| [Function] | |
| > x.valueOf = () => 'yoo' | |
| [Function] | |
| > x | |
| 'hello' | |
| > x+'' | |
| 'hello' |
NewerOlder