Node.js bindings

[jsilvao]

Given Node.js popularity for web backends, it could be beneficial to have bindings for it

[stef]

there is js bindings

[jsilvao]

Yes, I saw them. But they're a transpilation to WA and JS, couldn't that introduce weaknesses to attacks that target the result of the transpilation? I mean, if the source of truth, the C code, is assumed to be safe, will that assumption still hold in the transpiled code? And what about performance?

By Node.js bindings I mean native bindings/addons, so to use the C-compiled library directly from a Node.js app.

[stef]

Yes, I saw them. But they're a transpilation to WA and JS,
couldn't that introduce weaknesses to attacks that target the result of the transpilation?

all compilers are trying to optimize away things they shouldn't in the cryptographic context. even the c compilers :/
i don't see how the wasm version can be any worse than the native, btw all the cryptographic primitives come from libsodium.js which is also compiled to wasm from c. if it is good enough for @jedisct1 it is good enough for me.

I mean, if the source of truth, the C code, is assumed to be safe, will that assumption still hold in the transpiled code?

as much as in the compiled binary made from c i believe. wasm is really just a random architecture.

And what about performance?

dunno about that. i guess it depends.

By Node.js bindings I mean native bindings/addons, so to use the C-compiled library directly from a Node.js app.

i see. would be nice to have, but having the wasm binding is good enough for me (especially since that also enables people to run this in their browsers). i have not planned a native binding, but if there is a contribution that is easy and pleasant to review, i might consider adding it.