browserify / crypto-packages-ownership

npm owner powertool

Move to browserify organisation #3

Open dcousens opened 1 year ago

dcousens commented 1 year ago

Thanks @calvinmetcalf for helping start this process. We probably have three parts to do:

I am happy to move each of the packages from this organization to https://github.com/browserify and update their meta information in time. @ljharb could you move the package npm ownership/access to the relevant npm organisation/teams? :yellow_heart:

The list of packages in https://github.com/crypto-browserify/ownership/blob/master/crypto-packages.json doesn't cover every package in this organisation. I'll move them across nonetheless and we can then add an issue to each repository to determine its fate.

For example buffer-reverse, while useful, should be deprecated (Buffer has reverse now), but I'll still move it for now so we can do that in the right place.

ljharb commented 1 year ago

Yes, as soon as `npm owner add ljharb` has been run on each one, I'll get it set up in the browserify npm org properly.

(buffer-reverse should probably still be kept for browsers, and for older versions of node that lack it)

dcousens commented 1 year ago

Step 1 complete :yellow_heart:

dcousens commented 1 year ago

@calvinmetcalf could you run this? Some packages may fail, but that's OK, we'll double back when that happens

```bash
#!/bin/bash

# Add ljharb as an npm owner of every package named in the here-document.
# A failed package does not stop the loop; the remaining ones are still tried.
while read -r package; do
    npm owner add ljharb "$package"
done << LIST
browserify-aes
browserify-des
browserify-rsa
browserify-scrypt
browserify-sign
cipher-base
create-ecdh
create-hash
create-hmac
crypto-browserify
diffie-hellman
evp_bytestokey
hash-base
md5.js
parse-asn1
pbkdf2
pseudorandombytes
public-encrypt
randombytes
randomfill
ripemd160
sha.js
timing-safe-equal
LIST
```

I have added @ljharb for these, as I still had ownership

buffer-reverse
buffer-xor

dcousens commented 1 year ago

@calvinmetcalf you might end up needing to add a `--otp` flag, as in `npm owner add ljharb "$package" --otp "123456"`, as `npm owner` errors in a non-interactive shell (or run each command manually)

dcousens commented 1 year ago

Maybe there is merit to merging some of these packages, and the other node-like polyfills, into a monorepo (many packages, 1 repository) for easier maintenance too? Could place the npm release process under a GitHub action too for increased auditing.

ljharb commented 1 year ago

I'm much more skeptical about that personally - monorepos in my experience make things much harder to maintain in the long run. Let's get everything transferred, and update what needs updating, before regrouping on larger questions like that.

dcousens commented 1 year ago

Sounds good. I can understand that, except many of these packages are strictly dependent on each other and often need bumping and releasing in unison. As you say though, happy to regroup on that in time.

calvinmetcalf commented 1 year ago

OK I'll try to run that tomorrow or Monday at the latest

On Fri, Apr 7, 2023, 7:56 PM Daniel Cousens @.***> wrote:

> Sounds good. I can understand that, except many of these packages are strictly dependent on each other and often need bumping and releasing in unison. As you say though, happy to regroup on that in time.

calvinmetcalf commented 1 year ago

ok all set

ljharb commented 1 year ago

Thanks! I now have a "crypto" team in the browserify npm org with 24 packages on it.
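
An added example, not code from this thread or from the browserify project: after a bulk `npm owner add` like the one above, the result can be audited with `npm owner ls`, which prints one `username <email>` line per owner. The helper names `check_owners` and `audit_packages`, the allow-list, and the sample listing are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: audit npm owner lists after a bulk `npm owner add`.
# `npm owner ls <pkg>` prints one "username <email>" line per owner.

# check_owners REQUIRED ALLOWED_CSV   (owner listing on stdin)
# Prints one finding per line; returns 0 only if REQUIRED is listed
# and every listed owner is on the allow-list.
check_owners() {
    local required="$1" allowed=",$2," found=no rc=0 user _email
    while read -r user _email; do
        if [ -z "$user" ]; then continue; fi
        if [ "$user" = "$required" ]; then found=yes; fi
        case "$allowed" in
            *",$user,"*) ;;
            *) echo "unexpected owner: $user"; rc=1 ;;
        esac
    done
    if [ "$found" = no ]; then
        echo "missing owner: $required"
        rc=1
    fi
    return "$rc"
}

# audit_packages REQUIRED ALLOWED_CSV   (package names on stdin)
# Queries the registry for each package and reports every deviation.
audit_packages() {
    local required="$1" allowed="$2" pkg listing findings failed=0
    while read -r pkg; do
        if [ -z "$pkg" ]; then continue; fi
        # </dev/null stops npm from reading the package list as its stdin.
        if ! listing=$(npm owner ls "$pkg" </dev/null 2>/dev/null); then
            echo "$pkg: owner lookup failed"; failed=1; continue
        fi
        if ! findings=$(printf '%s\n' "$listing" | check_owners "$required" "$allowed"); then
            printf '%s:\n%s\n' "$pkg" "$findings"; failed=1
        fi
    done
    return "$failed"
}

# Offline demo on a constructed listing (not real registry output).
printf '%s\n' 'ljharb <ljharb@example.invalid>' 'old-owner <old@example.invalid>' |
    check_owners ljharb "ljharb" || echo "sample listing failed the audit"
```

With registry access, piping the package list from the script above into `audit_packages` with the new owner and the agreed allow-list reports any package where the owner is missing or an unlisted account still has publish rights.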