Open dcousens opened 1 year ago
Yes, as soon as npm owner add ljharb
has been run on each one, i'll get it set up in the browserify npm org properly.
(buffer-reverse
should probably still be kept for browsers, and for older versions of node that lack it)
Step 1 complete :yellow_heart:
@calvinmetcalf could you run this? Some packages may fail, but that's OK, we'll double back when that happens
#!/bin/bash
while read -r package; do
npm owner add ljharb "$package"
done << LIST
browserify-aes
browserify-des
browserify-rsa
browserify-scrypt
browserify-sign
cipher-base
create-ecdh
create-hash
create-hmac
crypto-browserify
diffie-hellman
evp_bytestokey
hash-base
md5.js
parse-asn1
pbkdf2
pseudorandombytes
public-encrypt
randombytes
randomfill
ripemd160
sha.js
timing-safe-equal
LIST
I have added @ljharb for these, as I still had ownership
buffer-reverse
buffer-xor
@calvinmetcalf you might end up needing to add a --otp
flag, as in npm owner add ljharb "$package" --otp "123456"
as npm owner
errors in a non-interactive shell (or run each command manually)
Maybe there is merit to merging some of these packages, and the other node-like polyfills, into a monorepo (many packages, 1 repository) for easier maintenance too?
Could place the npm
release process under a GitHub action too for increased auditing.
I'm much more skeptical about that personally - monorepos in my experience make things much harder to maintain in the long run. Let's get everything transferred, and update what needs updating, before regrouping on larger questions like that.
Sounds good. I can understand that, except many of these packages are strictly dependent on each other and often need bumping and releasing in unison. As you say though, happy to regroup on that in time.
OK I'll try to run that tomorow or Monday at the latest
On Fri, Apr 7, 2023, 7:56 PM Daniel Cousens @.***> wrote:
Sounds good. I can understand that, except many of these packages are strictly dependent on each other and often need bumping and releasing in unison. As you say though, happy to regroup on that in time.
— Reply to this email directly, view it on GitHub https://github.com/browserify/crypto-packages-ownership/issues/3#issuecomment-1500728710, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAITRH2PUMJO6OFT4AORFI3XACSRHANCNFSM6AAAAAAWW7DJXU . You are receiving this because you were assigned.Message ID: @.***>
ok all set
Thanks! I now have a "crypto" team in the browserify npm org with 24 packages on it.
Thanks @calvinmetcalf for helping start this process. We probably have three parts to do:
package.json
informationnpm
access to the browserify organisation (or relevant teams)I am happy to move each of the packages from this organization to https://github.com/browserify and update their meta information in time. @ljharb could you move the package
npm
ownership/access to the relevantnpm
organisation/teams? :yellow_heart:The list of packages in https://github.com/crypto-browserify/ownership/blob/master/crypto-packages.json doesn't cover every package in this organisation. I'll move them across nonetheless and we can then add an issue to each repository to determine it's fate.
For example
buffer-reverse
, while useful, should be deprecated (Buffer
hasreverse
now), but I'll still move it for now so we can do that in the right place.