Is this repository going to continue to be maintened?

[damien-white]

Hello,

I am currently working on building an end-to-end encrypted chat/communications application and would love to use your library / packages. This is awesome work and it looks like it took a lot of effort. I noticed that the latest commit was about 6 months ago and so I was wondering whether or not this repo is still being maintained.

If you need or would like help, I am more than happy and willing to assist in any way that I can. I recognize and understand that StableLib is an open-source project and that you are most likely doing this all in your spare time. I completely respect that.

With that said, I would love to use StableLib for my application. I simply want to ensure that if I do use it, I will not have to end up re-writing significant parts of my cryptography service and related logic due to lack of maintenance.

If you do not plan on maintaining the repository due to whatever reason, would you mind if I forked it and maintained my own fork of the existing monorepo?

Please let me know at your earliest convenience. I really appreciate it and all of the hard work that went into creating this.

Thank you

[kdenhartog]

In my experience using this library and working with @dchest the library is quite stable in terms of implementation and security. Many of them have used standardized test vectors from the RFCs where possible as well. The API has been set to stable with 1.0 at this point so it's unlikely that is going to change much at this point. In our case because we used this code in proprietary code it was beneficial to all to pay @dchest when we needed something. If you're building it in an opensource way he's usually happy to help through comments and is quite responsive here as well as in his other much larger repo tweetnacl.js.

[damien-white]

Thank you so much for the prompt reply.

I was not sure if the library was left as-is since it had reached a stable state or if was simply not maintained. I am very grateful that you cleared that up for me.

My initial plan was to use tweetnacl-js in conjunction with this library. Both libraries are excellent and I am already familiar with both -- I created a very simple prototype and everything was extremely easy to put together and worked without issue. I think I am going to stick with this plan and if anything happens, I will reach out.

Thank you again. I really appreciate it.

Closing this issue.

[dchest]

Yes, the libraries are maintained, mostly in a bug-fix mode, as I don't have plans to add new features for now, unless there is a need for them. I use many of the packages in my own projects, and they work well. I'm a kind of developer that loves stability rather than constant changes, so I don't want to constantly tweak things for no reason, unlike many JavaScript projects. That said, I like and encourage forks — so if you want to move the project in a different direction (although under a different name, please, to avoid confusion) — feel free to do so!

One "feature" that I'd like to add in the future is to support the modern module system in addition to CommonJS, so I'll work on it some time in the future. It will probably require reworking of the random generator detection.

That said, I'm now enjoying some vacation time away from programming for a few months :)