Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement →
@chiffre/push
Advanced tools
@chiffre/push - npm Package Compare versions
+5
-3
| { | ||
| "name": "@chiffre/push", | ||
| "version": "2.11.3", | ||
| "version": "2.11.4", | ||
| "description": "Shared types for push.chiffre.io", | ||
@@ -24,3 +24,3 @@ "main": "dist/exports.js", | ||
| "build:ts": "tsc", | ||
| "logs": "clever logs | cut -c 27-", | ||
| "logs": "clever logs | cut -c 27- | pino-colada", | ||
| "build:exports": "cp -f ./lib/exports.js ./dist/exports.js", | ||
@@ -36,3 +36,3 @@ "build": "run-s clean build:ts build:exports", | ||
| "@47ng/check-env": "^2.0.1", | ||
| "@chiffre/analytics-core": "^1.2.0", | ||
| "@chiffre/analytics-core": "^2.0.0", | ||
| "@chiffre/crypto-box": "^1.0.1", | ||
@@ -54,2 +54,3 @@ "dayjs": "^1.8.26", | ||
| "@types/node-statsd": "^0.1.2", | ||
| "autocannon": "^4.6.0", | ||
| "axios": "^0.19.2", | ||
@@ -61,2 +62,3 @@ "commitlint": "^8.3.5", | ||
| "npm-run-all": "^4.1.5", | ||
| "pino-colada": "^1.6.1", | ||
| "ts-jest": "^25.4.0", | ||
@@ -63,0 +65,0 @@ "ts-node": "^8.9.1", |
+36
-0
@@ -8,1 +8,37 @@ # Push | ||
| Microservice to collect encrypted analytics & process metadata. | ||
| ## Chiffre.io Transparency Initiative | ||
| This service is where the encrypted visitor data arrives on the Chiffre | ||
| analytics platform. As we believe transparency is paramount in providing | ||
| a privacy-first service, we're keeping this repository public as a "no trick | ||
| up our sleeve" promise. | ||
| Here, most events are collected using two methods: | ||
| - POST with the encrypted payload in the body | ||
| - GET with the encrypted payload in a query string argument | ||
| The first one is preferred by the tracker script, and uses either `fetch` | ||
| or `sendBeacon`, depending on context and availability. | ||
| If neither are available or fail, the tracker script falls back to an | ||
| `<img>` tag, which uses the GET route with the payload in the query | ||
| string. | ||
| #### Noscript | ||
| Clients without JavaScript enabled cannot generate end-to-end encrypted | ||
| payloads. In order to count them in without revealing too much, we | ||
| [generate an encrypted message](https://github.com/chiffre-io/push/blob/f70ef57909b72fe8c17f80f7bfcc86a13b212936/src/routes/%5BprojectID%5D.ts#L296-L332) | ||
| on the fly on the server on their behalf, containing only the following | ||
| information: | ||
| - Event type (`session:noscript`) | ||
| - Time of the request | ||
| - Country of origin (2-letter ISO country code, given by CloudFlare) | ||
| That's it. We explicitly do not reveal the path or user-agent, even | ||
| though we technically could, as a desire to respect the visitor's | ||
| privacy (we consider disabling JavaScript as the ultimate protection | ||
| against tracking). |
No alert changes
Improved metrics
- Total package byte prevSize
8098
23.43%- Number of lines in readme file
44
450%Worsened metrics
- Dev dependency count
16
14.29%Dependency changes
+ Added
@chiffre/analytics-core@2.1.1(transitive)- Removed
@chiffre/analytics-core@1.2.0(transitive)