Package Health Score

53 / 100

security
Security review needed
popularity
Limited
maintenance
Sustainable
community
Limited

Explore Similar Packages

Security

Security review needed

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

Version			Vulnerabilities	License Risk
6.1.1	\|	11/2023	0 C 0 H 0 M 0 L	1 H 0 M 0 L
6.0.2	\|	10/2023	0 C 0 H 0 M 0 L	1 H 0 M 0 L
5.0.2	\|	09/2023	0 C 0 H 0 M 0 L	1 H 0 M 0 L
4.1.2	\|	05/2021	0 C 0 H 0 M 0 L	1 H 0 M 0 L
4.0.0	\|	05/2021	0 C 0 H 0 M 0 L	1 H 0 M 0 L

License

AGPL-3.0

Non-Permissive License

We noticed that this project uses a license which requires less permissive conditions such as disclosing the source code, stating changes or redistributing the source under the same license. It is advised to further consult the license terms before use.

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Limited

Weekly Downloads (3)

GitHub Stars: 22
Forks: 3
Contributors: 2

Direct Usage Popularity

The npm package ssb-ahoy receives a total of 3 downloads a week. As such, we scored ssb-ahoy popularity level to be Limited.

Based on project statistics from the GitHub repository for the npm package ssb-ahoy, we found that it has been starred 22 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Limited

Readme.md: Yes
Contributing.md: No
Code of Conduct: Yes
Contributors: 2
Funding: No

This project has seen only 10 or less contributors.

Embed Package Health Score Badge

Maintenance

Sustainable

Commit Frequency

Open Issues: 1
Open PR: 5
Last Release: 12 months ago
Last Commit: 12 months ago

Further analysis of the maintenance status of ssb-ahoy based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Sustainable.

We found that ssb-ahoy demonstrates a positive version release cadence with at least one new version released in the past 12 months.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >=18.6.1

Age: 6 years
Dependencies: 8 Direct
Versions: 35
Install Size: 67.4 kB
Dist-tags: 1
# of Files: 15
Maintainers: 5
TS Typings: No

ssb-ahoy has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

ssb-ahoy !

A module for building electron-based scuttlbutt apps. You provide a UI and plugins, and ssb-ahoy takes care of boring details for you.

Built with electron@20.3.8 and secret-stack@7

This version of electron runs Node version 18.6.1 (or something like it)

Getting started

$ npm i ssb-ahoy

Create a root file for your project:

// index.js
const ahoy = require('ssb-ahoy')
const path = require('path')

ahoy(
  'https://localhost:8080', // an address (http/file) for UI
  {
    plugins: [
      require('ssb-db'),
      require('ssb-backlinks')
    ]
  },
  (err, ssb) => {
    if (err) throw err

    console.log('ahoy started', ssb.id)
  }
)

Add a script to your package.json:

// package.json
{
  "main": "index.js",
  "scripts": {
    "start": "electron index.js"
  }
}

Run it:

$ npm start

API

`ahoy(url, opts, cb)`

url String - a url to load the app UI from
- can start with
  - https:, https: - great for local dev-servers
  - file: - useful when you bundle ui for production, electron fetches directly from file system
    - e.g. `file://${path.join(__dirname, 'dist/index.html)}'
- required
opts Object with properties:
- opts.title String - the title of your app
  - will be the title of the app window
  - default: 'hello_world'
- opts.plugins [Plugin] - an array of secret-stack plugins
  - default: []
- opts.config Object - over-rides what's passed to secret-stack + plugins on launch
  - opts.config.path String - location your database + secret will be installed
    - default: \${envPaths.data}/ssb-ahoy/dev/\${format(opts.title)}
  - generally defaults follow ssb-config/defaults.js
cb function callback which is run once ssb and electron have started up

`ahoy(url, opts) => Promise`

Convenience method which is a promisify'd version of the last method.

`window.ahoy` (ui window api)

There's a method exposed in the UI window, that can be used like this:

window.ahoy.getConfig()
  .then(config => {
    // could use this to connect to back end with e.g. ssb-client
    console.log(config)
  })

Templates

This repo includes two working example templates. Start simple and upgrade as your interest and time permits

Building installers

Your project MUST have:

a package.json with:
- main pointing at the file which contains your ahoy setup (electron-builder uses this to build from)
- script for building release
```
{
  "main": "main.js",
  "script": {
    "release": "electron-builder --config builder/config.js"
  }
}
```
an electron-builder config
- the "release" script points at this
- putting your config in a js file means you can annotate it (you should)
- see templates/builder/config.js for the most minimal template

Native dependencies

Scuttlebutt is built with native dependencies - libraries for cryptography/ database work that depend on lower level C libraries that need to be compiled for particular architectures (i.e. are native).

electron-builder does a great job of making sure that the versions installed are compatible with the electron environement we're running them in, but sometimes it trips up.

You can often address this by adding a script to your package.json like: json { "script": { "postinstall": "npm run fixDeps", "fixDeps": "electron-builder install-app-deps" } }

Most of the modules typically used have "prebuilds" which are just fetched from the internet. If a prebuild doesn't exist you may have to build it yourself - read the errors, you'll likely see node-gyp mentioned, which is a one common node tool for compiling dependencies.

Resouces:

electron
- www.electronjs.org/releases
- CHANGELOG
electron-builder
- www.electron.build
- CHANGELOG
Apple's painful signing process:
- https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/

Development

Notes

we pin electron to an exact version here for 2 reasons:
- ensure it's tested + stable in this module
- help electron-builder to know exactly what it's building against
adding electron and electron-builder to peerDependencies was done to try and make it as easy as possible to get started with ssb-ahoy. Things to take into acount if changing this:
- build size: current example app makes an 83MB AppImage
  - if you set things up incorrectly, this will jump to 125MB+
- not having to manually install lots of modules
- electron-builder shouldn't need to be told what version of electron it's building for
adding dmg-license to optionalDependencies was done to try and make it as easy as possible to get started for mac users
- this module throws some error if you try and install it on linux
- listing it here seems to stimulate installation of it on macs
To inspect app.asar files:
```
$ cd example/dist/installers/linux-unpacked/resources
$ npx asar extract app.asar destfolder
$ filelight destfolder
```
- alternatively, temporarily set asar: false in electron-builder config
- filelight is a linux tool for visually exploring folders
electron > 20.3.8 currently breaks important sodium-native functions
- https://github.com/sodium-friends/sodium-native/issues/185
- this is currently blocking further upgrades

ssb-ahoy dependencies

deep-extend electron-default-menu electron-window-state env-paths secret-stack ssb-caps ssb-config ssb-keys

FAQs

What is ssb-ahoy?

handle the initial sync as you join scuttlebutt for the first time. Visit Snyk Advisor to see a full health score report for ssb-ahoy, including popularity, security, maintenance & community analysis.

Is ssb-ahoy popular?

The npm package ssb-ahoy receives a total of 3 weekly downloads. As such, ssb-ahoy popularity was classified as limited. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is ssb-ahoy well maintained?

We found indications that ssb-ahoy maintenance is sustainable demonstrating some project activity. We saw a total of 2 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is ssb-ahoy safe to use?

While scanning the latest version of ssb-ahoy, we found that a security review is needed. A total of 0 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 8 November-2024, at 07:24 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP