Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
GUN is an ecosystem of tools that let you build community run and encrypted applications.
Currently, Internet Archive and HackerNoon run GUN in production.
Decentralized alternatives to Zoom, Reddit, Slack, YouTube, Wikipedia, etc. have already pushed terabytes of daily P2P traffic on GUN. We are a friendly community creating a free fun future for freedom:
The ecosystem is one nice stack of technologies that looks like this: (names -> use case)
For now, it is best to start with GUN and just use it to learn the basics, since it is so easy: (or want to read more? Skip ahead to the "What is GUN?" section.)
npm install gun
and run the examples with cd node_modules/gun && npm start
(5min ~ average developer).Note: If you don't have node or npm, read this first. If the
npm
command line didn't work, you may need tomkdir node_modules
first or usesudo
.
<script src="https://cdn.jsdelivr.net/npm/gun/gun.js"></script>
<script>
// var Gun = require('gun'); // in NodeJS
// var Gun = require('gun/gun'); // in React
var gun = Gun();
gun.get('mark').put({
name: "Mark",
email: "mark@gunDB.io",
});
gun.get('mark').on(function(data, key){
console.log("update:", data);
});
</script>
var cat = {name: "Fluffy", species: "kitty"};
var mark = {boss: cat};
cat.slave = mark;
// partial updates merge with existing data!
gun.get('mark').put(mark);
// access the data as if it is a document.
gun.get('mark').get('boss').get('name').once(function(data, key){
// `val` grabs the data once, no subscriptions.
console.log("Mark's boss is", data);
});
// traverse a graph of circular references!
gun.get('mark').get('boss').get('slave').once(function(data, key){
console.log("Mark is the slave!", data);
});
// add both of them to a table!
gun.get('list').set(gun.get('mark').get('boss'));
gun.get('list').set(gun.get('mark'));
// grab each item once from the table, continuously:
gun.get('list').map().once(function(data, key){
console.log("Item:", data);
});
// live update the table!
gun.get('list').set({type: "cucumber", goal: "scare cat"});
Want to keep building more? Jump to THE DOCUMENTATION!
First & foremost, GUN is a community of the nicest and most helpful people out there. So I want to invite you to come tell us about what you are working on & wanting to build (new or old school alike! Just be nice as well.) and ask us your questions directly. :)
On that note, let's get some official shout outs covered first:
Thanks to:
Robert Heessels, Lorenzo Mangani, NLnet Foundation, Sam Liu, Daniel Dombrowsky, Vincent Woo, AJ ONeal, Bill Ottman, Mike Lange, Sean Matheson, Alan Mimms, Dário Freire, John Williamson, Robin Bron, Elie Makhoul, Mike Staub, Bradley Matusiak, Jeff Cook, Nico, Aaron Artille
GUN was created by Mark Nadal in 2014 after he had spent 4 years trying to get his collaborative web app to scale up with traditional databases.
After he realized Master-Slave database architecture causes one big bottleneck, he (as a complete newbie outsider) naively decided to question the status quo and shake things up with controversial, heretical, and contrarian experiments:
The NoDB - no master, no servers, no "single source of truth", not built with a real programming language or real hardware, no DevOps, no locking, not just SQL or NoSQL but both (all - graphs, documents, tables, key/value).
The goal was to build a P2P database that could survive living inside any browser, and could correctly sync data between any device after assuming any offline-first activity.
Technically, GUN is a graph synchronization protocol with a lightweight embedded engine, capable of doing 20M+ API ops/sec in just ~9KB gzipped size.
API reference | Tutorials | Examples |
GraphQL | Electron | React & Native |
Vue | Svelte | Webcomponents |
CAP Theorem Tradeoffs | How Data Sync Works | How GUN is Built |
Crypto Auth | Modules | Roadmap |
This would not be possible without community contributors, big shout out to:
ajmeyghani (Learn GUN Basics with Diagrams); anywhichway (Block Storage); beebase (Quasar); BrockAtkinson (brunch config); Brysgo (GraphQL); d3x0r (SQLite); forrestjt (file.js); hillct (Docker); JosePedroDias (graph visualizer); JuniperChicago (cycle.js bindings); jveres (todoMVC); kristianmandrup (edge); Lightnet (Awesome Vue User Examples & User Kitchen Sink Playground); lmangani (Cytoscape Visualizer, Cassandra, Fastify, LetsEncrypt); mhelander (SEA); omarzion (Sticky Note App); PsychoLlama (LevelDB); RangerMauve (schema); robertheessels (gun-p2p-auth); rogowski (AXE); sbeleidy; sbiaudet (C# Port); Sean Matheson (Observable/RxJS/Most.js bindings); Shadyzpop (React Native example); sjones6 (Flint); RIP Stefdv (Polymer/web components); zrrrzzt (JWT Auth); xmonader (Python Port);
I am missing many others, apologies, will be adding them soon! This list is infintiely old & way out of date, if you want to be listed in it please make a PR! :)
Tests may be run with npm test
. Tests will trigger persistent writes to the DB, so subsequent runs of the test will fail. You must clear the DB before running the tests again. This can be done by running the following command in the project directory.
rm -rf *data*
These are only needed for NodeJS & React Native, they shim the native Browser WebCrypto API.
If you want to use SEA for User
auth and security, you will need to install:
npm install text-encoding @peculiar/webcrypto --save
Please see our React Native docs for installation instructions!
Then you can require SEA without an error:
var GUN = require('gun/gun');
var SEA = require('gun/sea');
Note: The default examples that get auto-deployed on
npm start
CDN-ify all GUN files, modules, & storage.
Note: When deploying a web application using GUN on a cloud provider, you may have to set
CI=false
in your.env
. This prevents GUN-specific warnings from being treated as errors when deploying your app. You may also resolve this by modifying your webpack config to not try to build the GUN dependencies.
To quickly spin up a GUN relay peer for your development team, utilize Zeet, Heroku, Docker, or any variant thereof Dokku, Flynn.io, now.sh, etc. ! Or use all of them so your relays are decentralized too!
Heroku deletes your data every 15 minutes, one way to fix this is by adding cheap storage.
Or:
git clone https://github.com/amark/gun.git
cd gun
heroku create
git push -f heroku HEAD:master
Then visit the URL in the output of the 'heroku create' step, in a browser.
npm install -g now
now --npm amark/gun
Then visit the URL in the output of the 'now --npm' step, in your browser.
Fork this GUN repo (Unubo only deploys from your own GitHub repo's).
Add a Node.js app, select your GUN fork, set npm start
start as the command and deploy.
From the experience of genderev, this only works if you set your country to the United States.
Visit the deployed app by following the 'view app' button, in your browser.
Warning: Docker image is community contributed and may be old with missing security updates, please check version numbers to compare.
Pull from the Docker Hub . Or:
docker run -p 8765:8765 gundb/gun
Or build the Docker image locally:
git clone https://github.com/amark/gun.git
cd gun
docker build -t myrepo/gundb:v1 .
docker run -p 8765:8765 myrepo/gundb:v1
Or, if you prefer your Docker image with metadata labels (Linux/Mac only):
npm run docker
docker run -p 8765:8765 username/gun:git
Then visit http://localhost:8765 in your browser.
Designed with ♥ by Mark Nadal, the GUN team, and many amazing contributors.
Openly licensed under Zlib / MIT / Apache 2.0.
FAQs
A realtime, decentralized, offline-first, graph data synchronization engine.
The npm package gun receives a total of 2,794 weekly downloads. As such, gun popularity was classified as popular.
We found that gun demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.