Todo List: Node.js removal

2019-05-20 - André Silva

As Node.js has history of malware in hosted packages and doesn't support LibreSSL, we have decided to blacklist it.

Every linked packages needs to be rebuild or removed. There will likely be broken packages.

It is a todo list of packages that either have a direct dependency on Node.js.

Blacklisting process:
https://git.hyperbola.info:50100/software/blacklist.git/

Further details:
https://hacknews.co/malware/20181127/rogue-developer-infects-widely-used-nodejs-module-to-steal-bitcoins.html
https://thenewstack.io/npm-cleans-typosquatting-malware/
http://webinos.org/2013/06/17/reflections-on-nodejs-malware/

[ ] = remove package
[*] = build package without nodejs or related-nodejs dependencies
[#] = build package by removing nodejs or related-nodejs optional dependencies

packages:
* [ ] acorn
* [ ] apm
* [ ] asar
* [ ] babel-cli
* [ ] bower
* [ ] browserify
* [*] cantor (sagemath optdeps)
* [ ] cjdns
* [ ] cldr-emoji-annotation (only useful with nodejs-emojione)
* [ ] coffee-script
* [ ] cordova
* [ ] emscripten
* [ ] eslint
* [ ] fluid (fluid; nodejs-material-design-icons makedeps)
* [ ] gitlab (gitlab; nodejs deps)
* [ ] gitlab-runner (gitlab; independent package)
* [ ] gitlab-shell (gitlab; required by gitlab)
* [ ] gitlab-workhorse (gitlab; required by gitlab)
* [ ] grafana (grafana; grunt-cli makedeps)
* [ ] grafana-zabbix (grafana; grafana deps)
* [ ] grunt-cli
* [ ] gulp
* [*] http-parser (nodejs; independent package)
* [*] ibus (nodejs-emojione and cldr-emoji-annotation makedeps; independent package)
* [*] idris (idris; nodejs makedeps)
* [*] ipython (jupyter; independent package)
* [ ] ipython2-notebook (jupyter; independent package)
* [ ] jake
* [ ] jupyter (juppyter; python-ipywidgets deps)
* [ ] jupyter_console (jupyter; python-jupyter_client deps)
* [ ] jupyter-nbconvert (jupyter; jupyter deps)
* [ ] jupyter-nbformat (jupyter; python-jupyter_core deps)
* [ ] jupyter-notebook (jupyter; npm makedeps)
* [ ] jupyter-widgetsnbextension (jupyter; jupyter-notebook deps)
* [ ] libreoffice-online (npm and jake deps; independent package)
* [*] libibus (nodejs-emojione and cldr-emoji-annotation makedeps; independent package)
* [ ] liri-files (liri; fluid deps)
* [ ] liri-terminal (liri; fluid deps)
* [ ] marked (marked; nodejs deps)
* [ ] marked-man (marked; nodejs deps)
* [#] netdata (nodejs optdeps only)
* [*] nextcloud-app-richdocuments (libreoffice-online deps)
* [ ] nodejs-emojione (nodejs; nodejs deps)
* [ ] nodejs-less (nodejs; nodejs deps)
* [ ] nodejs-lts (nodejs)
* [ ] nodejs-material-design-icons (nodejs; nodejs deps)
* [ ] npm (npm; nodejs deps)
* [ ] npm-check-updates (npm; npm makedeps)
* [ ] phonegap (phonegap; semver deps)
* [ ] pm2
* [ ] pulp
* [#] purescript (pulp optdeps only)
* [ ] python-ipykernel (jupyter; python-jupyter_client deps)
* [ ] python-ipywidgets (jupyter; npm makedeps)
* [ ] python-jupyter_client (jupyter; python-jupyter_core deps)
* [ ] python-jupyter_core (jupyter; required by jupyter)
* [ ] python-qtconsole (jupyter; pyhon-jupyter_client deps)
* [*] python2-fpylll (sagemath optdeps)
* [ ] python2-ipykernel (jupyter; pyhon2-jupyter_client deps)
* [ ] python2-ipywidgets (jupyter; npm makedeps)
* [ ] python2-jupyter_client (jupyter; python2-jupyter_core deps)
* [ ] python2-jupyter_core (jupyter; required by jupyter)
* [ ] python2-qtconsole (jupyter; pyhon2-jupyter_client deps)
* [ ] sage-data-conway_polynomials (sagemath makedeps)
* [ ] sage-notebook
* [ ] sage-notebook-exporter (sage-notebook-exporter; jupyter-nbconvert deps)
* [ ] sagemath
* [ ] sagemath-doc (sage-notebook and thebe deps; python2-ipywidgets, python2-jupyter_client, sage-notebook and thebe makedeps)
* [ ] sagemath-jupyter (sagemath-jupyter; sage-notebook-exporter optdeps and python2-jupyter_client deps)
* [ ] sagemath-src (python2-ipywidgets, python2-jupyter_client, sage-notebook and thebe makedeps)
* [ ] sagetex (sagemath deps)
* [ ] semver
* [ ] spyder (spyder; python2-qtconsole deps)
* [ ] spyder3 (spyder; python-qtconsole and jupyder deps)
* [ ] startdde (deepin; coffee-script makedeps)
* [ ] stylus
* [ ] thebe (jupyter; independent package)
* [ ] typescript
* [ ] uglify-js
* [*] valabind (valabind; independent package, contains nodejs?)
* [ ] vibe (liri and fluid deps)
* [ ] yarn

Link to lists of pkgbase values:

Filter Todo List Packages

Select filter criteria
20 packages displayed out of 20 total packages.
Arch Repository Name Current Version Staging Version Maintainers Status Last Touched By
i686 Extra cantor 17.04.0-1.hyperbola1 Complete Emulatorman
x86_64 Extra cantor 17.04.0-1.hyperbola1 Complete Emulatorman
i686 Community http-parser 2.7.1-1.hyperbola1 Complete Emulatorman
x86_64 Community http-parser 2.7.1-1.hyperbola1 Complete Emulatorman
i686 Extra ibus 1.5.15-1.hyperbola1 Complete Emulatorman
x86_64 Extra ibus 1.5.15-1.hyperbola1 Complete Emulatorman
i686 Community idris 1.0-17.hyperbola1 Complete Emulatorman
x86_64 Community idris 1.0-17.hyperbola1 Complete Emulatorman
any Community ipython 5.3.0-1.hyperbola3 Complete Emulatorman
i686 Extra libibus 1.5.15-1.hyperbola1 Complete Emulatorman
x86_64 Extra libibus 1.5.15-1.hyperbola1 Complete Emulatorman
i686 Community netdata 1.6.0-3.hyperbola1 Complete Emulatorman
x86_64 Community netdata 1.6.0-3.hyperbola1 Complete Emulatorman
any Community nextcloud-app-richdocuments 1.1.25-3.hyperbola1 Complete Emulatorman
i686 Community purescript 0.11.4-2.hyperbola1 Complete Emulatorman
x86_64 Community purescript 0.11.4-2.hyperbola1 Complete Emulatorman
i686 Community python2-fpylll 0.2.4dev-1.hyperbola1 Complete Emulatorman
x86_64 Community python2-fpylll 0.2.4dev-1.hyperbola1 Complete Emulatorman
i686 Community valabind 0.10.0-3.hyperbola1 Complete Emulatorman
x86_64 Community valabind 0.10.0-3.hyperbola1 Complete Emulatorman