github repo with only pre-compiled binaries coming from npmjs. These days anything from npmjs should already raise red flags, let alone something pre-compiled without sources.
Tbf the new trusted publishers goes a long way to improving this (not used by this package by the look of it). I migrated a few of my packages to it, and now:
- publishing with an API token is forbidden, must use the specified workflow w/ OIDC auth
- an explicit approval step in GitHub is required to run the publish workflow (you can also set a time delay, similar to time release safes)
- provenance is generated and published
Ref: https://docs.npmjs.com/trusted-publishers/
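Added example (not part of the thread, and not code from npm or from the package under discussion): a consumer-side check for the provenance point above. It walks a package's registry metadata in publish order and flags versions with no provenance attestation, including a version that lacks one after an earlier version had it. It assumes the registry packument layout in which an attested version carries `dist.attestations.provenance`; the sample packument and the function names are constructed for illustration.

```javascript
// Constructed sample in the shape of an npm registry packument
// (package name, versions, dates and URLs are made up for this example).
const samplePackument = {
  name: "example-native-addon",
  time: {
    "1.0.0": "2025-01-01T00:00:00.000Z",
    "1.1.0": "2025-02-01T00:00:00.000Z",
    "1.1.1": "2025-03-01T00:00:00.000Z",
  },
  versions: {
    "1.0.0": { dist: { tarball: "https://registry.example/a-1.0.0.tgz" } },
    "1.1.0": {
      dist: {
        tarball: "https://registry.example/a-1.1.0.tgz",
        attestations: {
          url: "https://registry.example/attestations/a@1.1.0",
          provenance: { predicateType: "https://slsa.dev/provenance/v1" },
        },
      },
    },
    "1.1.1": { dist: { tarball: "https://registry.example/a-1.1.1.tgz" } },
  },
};

// True when the version metadata advertises a provenance attestation.
function hasProvenance(meta) {
  const att = meta && meta.dist && meta.dist.attestations;
  return Boolean(att && att.provenance && att.provenance.predicateType);
}

// Classify every version, oldest first: "attested", "unattested" (nothing
// attested yet), or "downgrade" (no attestation after an attested release).
function auditProvenance(packument) {
  const publishedAt = (v) => {
    const t = Date.parse((packument.time || {})[v]);
    return Number.isNaN(t) ? 0 : t;
  };
  const ordered = Object.keys(packument.versions || {})
    .sort((a, b) => publishedAt(a) - publishedAt(b));
  let seenAttested = false;
  return ordered.map((version) => {
    const attested = hasProvenance(packument.versions[version]);
    const status = attested ? "attested" : seenAttested ? "downgrade" : "unattested";
    seenAttested = seenAttested || attested;
    return { version, status };
  });
}

console.log(auditProvenance(samplePackument));
```

This only reads what the registry metadata advertises; `npm audit signatures` is the command that actually verifies signatures and attestations for installed packages.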
I think you can compile the rust core lib from source yourself - https://github.com/Shyam20001/brahma-core
Exactly, I have attached the src link in the README file. I'm maintaining independent sources and planning to build the same for Python via maturin.
Bro, the source is locked and precompiled; nobody, not even the author, can edit it with malicious binaries. That's why people used to publish binaries to ensure stability, instead of pulling from git each time.
Why not bypass Node.js entirely and write the service(s) directly in Rust? Am I missing anything?
Not everyone knows Rust, but JavaScript is widely known. A library that delivers Rust-level performance without requiring developers to learn anything new would likely be very popular. That being said, if you need Rust performance, it's a better idea to just learn Rust. It's not that hard.
Everyone needs Node, so who's gonna migrate all those legacy code bases to some other language just to get extra perf...?
Not everyone needs Node.
I like the idea, but I have difficulty putting a lot of trust in projects with AI generated descriptions.
That isn't vibe-coded stuff, dude. It's a complex architecture; the src code is attached in the README file below, do check.