Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@aduh95/caritat

Package Overview
Dependencies
Maintainers
1
Versions
25
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@aduh95/caritat

  • 0.2.3
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
1
decreased by-80%
Maintainers
1
Weekly downloads
 
Created
Source

Caritat

The name comes from Marie Jean Antoine Nicolas de Caritat, Marquis of Condorcet, French philosopher and mathematician, notably known for championing an election method that now named after him.

The goal of this project is to allow organisations of people working remotely to cast votes is a secure and transparent way, using a git repository collect and authenticate votes.

Usage

Participate to a vote using Caritat

Node.js CLI

WIP

Shell scripts

You can use one of the shell script from the sh/ folder. Requires openssl and git to be available on the local machine, and some prior knowledge of those tools by the user.

Web UI (coming (maybe) later)

Not currently available. Caritat uses only Web-compatible APIs for the voting process, the goal is to have a web UI that allows to vote from the web. If you'd like to help, please chime in.

Setup a vote using Caritat

That's very much a manual process for the time being, the plan is to have a CLI helping with that in the future.

FAQ

Who do I need to trust?

  • As a voter, you need to trust the instigator for:
    • not leaking the private key before the vote closes.
    • not basing their vote in function of what other has voted (the instigator should always vote first).
  • As a voter or the instigator, you need to trust the git commits are genuine. Enforcing GPG signing commits can help with that.

Can a participant tamper with the votes?

When using git, a participant could force push the branch and remove or modify ballots from other participants. Adding protection on vote where the vote is happening can help prevent this.

When voting using this tool, are my choices public?

Ballots are encrypted using a public key generated for the vote, only someone in possession for the private key (the vote instigator) is theoretically able to decipher the ballot. Unless the vote needs to stay private, a recommended practice is to publish the vote private key, effectively making everyone's choices public.

Making the non-encrypted ballot available publicly is a great way to ensure the election was not rigged. Everyone can check that the ballot counted as their has not been altered and that the result adds up. It's still possible to not make them public (to keep the vote anonymous), but that requires to trust a single authority (the vote instigator).

Why are the ballots encrypted?

Encrypting the ballot is necessary to ensure people voting early do not interfere or influence folks voting after them. At the end of the vote, the instigator of the vote can share the private key, so anyone can decrypt the ballots and verify the result themself. Or the voters can decide that the private key won't be shared in order to keep the votes anonymous (the instigator of the vote needs to be able the votes to do the counting, they have to be trusted).

How are the votes authenticated?

Voters can sign their commit using GPG. When doing the counting, the system uses the git commit metadata to attribute a ballot to a voter. If a voter casts several ballots, the system only counts the most recent one.

What happens if the vote instigator lose access to the decrypting key?

The vote ballots cannot be deciphered, the process needs to start again (unless you have a quantum computer at home).

FAQs

Package last updated on 28 Jan 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc