Introducing Dim – a new framework that brings React-like functional JSX-syntax with JS. Check it out here:

🔗 Project: https://github.com/positive-intentions/dim

🔗 Website: https://dim.positive-intentions.com/

My journey with web components started with Lit, and while I appreciated its native browser support (less tooling!), coming from ReactJS, the class components felt like a step backward. The functional approach in React significantly improved my developer experience and debugging flow.

So, I set out to build a thin, functional wrapper around Lit, and Dim is the result! It's a proof-of-concept right now, with "main" hooks similar to React, plus some custom ones like useStore for encryption-at-rest. (Note: state management for encryption-at-rest is still unstable and currently uses a hardcoded password while I explore passwordless options like WebAuthn/Passkeys).

You can dive deeper into the documentation and see how it works here:

📚 Dim Docs: https://positive-intentions.com/docs/category/dim

This project is still in its early stages and very unstable, so expect breaking changes. I've already received valuable feedback on some functions regarding security, and I'm actively investigating those. I'm genuinely open to all feedback as I continue to develop it!

How would one include a passphrase when using the web crypto API when working with asymmetric encryption. I was able to figure out how to do asymmetric encryption without a passphrase using the web crypto API and was able to figure out how to do asymmetric encryption using the crypto library in NodeJS.

Asymmetric encryption using Web Crypto API (No Passphrase)

import { webcrypto } from 'crypto';

const MY_TEXT = 'My Text';

(async function () {
	const { publicKey, privateKey } = await webcrypto.subtle.generateKey(
		{
			name: 'rsa-Oaep',
			modulusLength: 2048,
			publicExponent: new Uint8Array([1, 0, 1]),
			hash: 'sha-256',
		},
		true,
		['encrypt', 'decrypt']
	);

	const encryptedTextArrayBuffer = await webcrypto.subtle.encrypt(
		{
			name: 'rsa-Oaep',
		},
		publicKey,
		new TextEncoder().encode(MY_TEXT)
	);

	let encryptedTextUint8Array = new Uint8Array(encryptedTextArrayBuffer);
	const ENCRYPTED_TEXT = convertUint8ArrayToBase64String(encryptedTextUint8Array);

	console.log(ENCRYPTED_TEXT);

	encryptedTextUint8Array = convertBase64StringToUint8Array(ENCRYPTED_TEXT);

	const decryptedArrayBuffer = await webcrypto.subtle.decrypt(
		{
			name: 'rsa-Oaep',
		},
		privateKey,
		encryptedTextUint8Array.buffer
	);

	console.log(new TextDecoder().decode(decryptedArrayBuffer));
})();

function convertUint8ArrayToBase64String(uint8Array) {
	const CHARACTER_CODES = String.fromCharCode(...uint8Array);
	return btoa(CHARACTER_CODES);
}

function convertBase64StringToUint8Array(base64String) {
	const CHARACTER_CODES = atob(base64String);

	const uint8Array = new Uint8Array(CHARACTER_CODES.length);
	uint8Array.set(
		new Uint8Array(
			[...CHARACTER_CODES].map(function (currentCharacterCode) {
				return currentCharacterCode.charCodeAt(0);
			})
))}

I stumbled on the exact same issue described at the end of the "The same issue, but with web platform functions" section today, thought it might be worth sharing that article here.

✍️ Reusable API proxy in just a few lines of JavaScript

For my project Mentions United, which collects interactions from various platforms via API to display them on the own page, at some point I needed a way to hide the authentication tokens required for some APIs from being used by unauthorized parties. You simply don’t leave your security keys lying around in the code, especially not if it’s publicly visible on GitHub. ...

I don't know if anyone here uses [Tamper|Grease]monkey, but I asked my LLM to come up with a redirect from Xitter and it gave me this gem:

// ==UserScript==
// @name         Redirect x.com to xcancel.com
// @namespace    http://tampermonkey.net/
// @version      0.1
// @description  try to take over the world!
// @author       You
// @match        https://x.com/*
// @grant        none
// ==/UserScript==

(function() {
    'use strict';
    var url = window.location.href;
    url = url.replace("https://x.com/", "https://xcancel.com/");
    window.location.replace(url);
})();

Works like a charm.