rubysec / bundler-audit
Patch-level verification for Bundler
License: GNU General Public License v3.0
We have several gems that point to the master branch on GitHub, sadly. When we run bundle-audit check, it displays the error:
Insecure Source URI found: git://github.com/gregbell/active_admin.git
So, I tried to use the --ignore flag, but no luck
$ bundle-audit --ignore active_admin
Insecure Source URI found: git://github.com/gregbell/active_admin.git
Unpatched versions found!
$ echo $?
1
So I'm proposing either of these changes:
--ignore-git-source so that it stops complaining if I include something from Git
--ignore detects that this gem is in a particular source, and doesn't raise error for that source.
What do you guys think? I could submit a patch if any of these ideas looks good to you.
When running bundle-audit check --update as described in the README.md it throws an error.
ERROR: "bundle-audit check" was called with arguments ["--update"]
Usage: "bundle-audit check"
I worked around this by using bundle-audit update && bundle-audit check, but thought you might want to be aware so the README can be updated if this is no longer supported or fixed if it's a bug.
README:
$ bundle-audit check --update
Real life:
$ bundle-audit version
bundle-audit 0.4.0 (advisories: 163)
$ bundle-audit check --update
ERROR: "bundle-audit check" was called with arguments ["--update"]
Usage: "bundle-audit check"
Is there an easy way to integrate bundle-audit with the app's specs?
It would be cool to be able to include a bundler-audit-provided RSpec task that does the deed for you. This saves you having to remember doing it every now and then.
Or maybe a default Capistrano task that hooks itself and runs whenever cap:deploy is invoked
Almost all (if not all) elements reported by bundle-audit are false positives...
for example
Name: activerecord
Version: 3.2.18
Advisory: OSVDB-90072
Criticality: Medium
URL: http://direct.osvdb.org/show/osvdb/90072
Title: Ruby on Rails Active Record attr_protected Method Bypass
Solution: upgrade to ~> 2.3.17, ~> 3.1.11, >= 3.2.12
recommendation is to upgrade to something greater than 3.2.12 and I am on 3.2.18
why is it reported...
bundle audit currently reports me 41 items... and I have yet to find one that is real...
thanks
In our company we have an internal gem server and we need to ignore the warning:
Insecure Source URI found: http://gems.test.com.br/
Help?
Hi,
I'm getting a SyntaxError under REE 1.8.7-2012.02:
bundler-audit-0.1.0/lib/bundler/audit/advisory.rb:56: syntax error, unexpected ')' (SyntaxError)
Is this gem compatible with Ruby 1.8.7? I see no mention of ruby version requirements.
Resolve the host of insecure git sources and check if they are non-routable IPs.
The problem comes from using the most recent commit time of USER_PATH, but trying to use the ctime of the copy in VENDORED_PATH.
Let's say you package up a version of the vendored repo with its last commit
being from time T=1.
You release your gem at time T=2.
The upstream vulnerability repo is updated at T=3.
A user installs the gem at T=4.
A user installs a local bundle at T=5.
Using the ctime of the vendored copy means that it will be comparing a
vendored copy with a timestamp of T=5 (but whose last commit is from T=1)
to a local copy with a last commit of T=2.
The code will thus use an OLDER vendored repo until such time as the vuln
database carries a commit newer than the time at which the user installed
the gem, and updates his or her local cache.
I'm working on an appropriate fix for this now, which will likely involve snapshotting the ctime of the vendored copy whenever it's updated.
On an older project, my ruby environment had rubygems version 1.6.2 installed which causes a false positive on non SemVer gem strings e.g. such as newrelic_rpm in cve 2013-0284 has a patched version of ">= 3.5.3.25", but the installed version of "3.5.5.38" doesn't satisfy the constraint. Updating rubygems (in my case to 1.8.19) and re-running fixes that, but I suggest printing a warning if the rubygems version is too old for that to work correctly. I'm not sure what the appropriate cutoff version would be.
TL;DR;
old rubygems versions can't compare gem versions with 4 period separated numbers correctly, so at least a warning would be appropriate
Running bundle-audit, it flags vulnerabilities for versions below my current version.
$ bin/bundle-audit
Name: rails
Version: 2.3.17
CVE: 2013-0156
...
Solution: upgrade to ~> 2.3.15, ~> 3.0.19, ~> 3.1.10, >= 3.2.11
Hey,
we are consuming bundler-audit in our CI builds and we don't want to hit https://github.com/rubysec/ruby-advisory-db.git continuously, so we want to make database URL configurable. Also make other global parameters like VENDORED_PATH, VENDORED_TIMESTAMP, USER_PATH which will make this gem to have broader usage.
I can make a pull request if you want.
Any chance bundler-audit could add support for the Rails 3-0 stable branch?
More info:
http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
It's currently at
rails (3.0.20 f2839f1)
What is with Travis? Why doesn't it run tests?
Update all specs to use RSpec 3 syntax. Consider using transpec to automate the process.
Example of output from bundle-audit
Name: json
Version: 1.7.7
CVE: 2013-0269
Criticality: High
URL: http://direct.osvdb.org/show/osvdb/90074
Title: Ruby on Rails JSON Gem Arbitrary Symbol Creation Remote DoS
Solution: upgrade to ~> 1.5.4, ~> 1.6.7, >= 1.7.7
So it tells me to upgrade to >= 1.7.7 when I already have 1.7.7 installed, as confirmed with:
# bundle list | grep json
* json (1.7.7)
Using this Ruby:
# ruby -v
ruby 1.8.7 (2012-10-12 patchlevel 371) [i686-darwin12.2.0]
The problem only appears to affect 1.8.7. On 1.9.3p385, the nonsensical warnings disappear.
Can you change license type? This license assumes disclosure of source code as I understood, and I think this license is not absolutely suitable for those who will use gem in commercial projects.
Hey,
It would be great to add an optional --quiet flag during git clone https://github.com/rubysec/ruby-advisory-db.git.
We use bundle-audit during CI build and just don't want to pollute output log.
I just installed bundler-audit, then did gem update bundler-audit, then did bundle-audit update, then ran it, and it successfully found the latest rails security problems, so it is a great gem. However, when I fixed the problems, and ran bundle-audit again, I had the following output:
Insecure Source URI found: http://rubygems.org/
Unpatched versions found!
However, according to issue #67 this should no longer happen.
Call me paranoid, but even though bundler-audit seems awesome I feel unsafe using this library anywhere near production code. If the ruby advisory DB is ever compromised, everything's YAML and getting parsed unsafely with Psych. This isn't bundler-audit's fault... Hopefully TenderLove and the other Psych contributors can figure out a sort of #safe_load soon. I'm an optimist :-)
Till then, why don't we use dtao's safe_yaml gem, which gives us YAML.safe_load to only create basic Ruby objects? What does everyone think of this?
Use YAML.parse to manually parse/load the advisory data to prevent potential exploitation of the YAML deserialization vulnerability.
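One way to load advisory YAML without instantiating arbitrary objects, using the YAML.safe_load that Psych provides in current Ruby versions. This is an added example, not bundler-audit's code; both documents are constructed, and load_advisory, try_load and the ADVISORY_KEYS allow-list are hypothetical names.

```ruby
require "yaml"
require "date"

# Constructed advisory, shaped like the reports quoted on this page.
GOOD_ADVISORY = <<~DOC
  gem: json
  cve: 2013-0269
  date: 2013-02-11
  title: Ruby on Rails JSON Gem Arbitrary Symbol Creation Remote DoS
  patched_versions:
    - "~> 1.5.4"
    - "~> 1.6.7"
    - ">= 1.7.7"
DOC

# Constructed tampered advisory: a field asks the loader to build a Ruby object.
TAMPERED_ADVISORY = <<~DOC
  gem: json
  title: !ruby/object:Object {}
DOC

# Hypothetical allow-list of top-level keys an advisory may carry.
ADVISORY_KEYS = %w[gem cve osvdb url title date patched_versions].freeze

# Parse one advisory. Only plain scalars, arrays, hashes and Date are allowed;
# any other tagged class raises Psych::DisallowedClass, aliases raise Psych::BadAlias.
def load_advisory(text)
  data = YAML.safe_load(text, permitted_classes: [Date], aliases: false)
  raise ArgumentError, "advisory must be a mapping" unless data.is_a?(Hash)

  unknown = data.keys - ADVISORY_KEYS
  raise ArgumentError, "unexpected keys: #{unknown.join(', ')}" unless unknown.empty?

  data
end

# Returns the parsed Hash, or the exception class when the document is rejected.
def try_load(text)
  load_advisory(text)
rescue Psych::DisallowedClass, Psych::BadAlias, ArgumentError => e
  e.class
end

puts "good:     #{try_load(GOOD_ADVISORY).inspect}"
puts "tampered: #{try_load(TAMPERED_ADVISORY).inspect}"
```
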
Move the advisories out into a common Ruby Advisory Database. This would allow bundler-audit to be updated out-of-release-cycle. Other websites could use Bundler::Audit::Database and merely call #update! via a cronjob.
Can you release a new version once in a while, there are a lot of changes on master that never made it to rubygems (0.1.2 is the latest there)
Pulled directly from email discussions
... if File.exists? (~/.gem/advisories/ruby-advisory-db); #use that; else #use data/ruby-advisory-db; end type of statement...
And
You would also want a --sync flag to create the DB. Also if the directory against, auto-update it unless a --no-update flag is specified.
we were using an outdated version of will_paginate:
laptop ~/gr [test-times|✚ 2…2]$ grep will_paginate Gemfile*
Gemfile:gem 'will_paginate', '~> 3.0.3'
Gemfile.lock: will_paginate (3.0.3)
Gemfile.lock: will_paginate (~> 3.0.3)
and bundler-audit didn't find this issue:
laptop ~/gr [test-times|✚ 2…3]$ bundle-audit update
Updating ruby-advisory-db ...
From https://github.com/rubysec/ruby-advisory-db
* branch master -> FETCH_HEAD
Already up-to-date.
ruby-advisory-db: 64 advisories
laptop ~/gr [test-times|✚ 2…3]$ bundle-audit
No unpatched versions found
even though it's definitely listed in the ruby-advisory-db:
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/will_paginate/OSVDB-101138.yml
I ran bundle-audit ignoring a particular CVE, but it still finds this vulnerability
✗ bundle-audit check --ignore "CVE-2014-4920"
Insecure Source URI found: git://github.com/airblade/paper_trail.git
....
Name: twitter-bootstrap-rails
Version: 2.2.8
Advisory: CVE-2014-4920
Criticality: Unknown
URL: http://blog.nvisium.com/2014/03/reflected-xss-vulnerability-in-twitter.html
Title: Reflective XSS Vulnerability in twitter-bootstrap-rails
Solution: upgrade to >= 3.2.0
Vulnerabilities found!
Refactor into rubygems-audit, which would auto-detect Bundler, otherwise check the latest version of the gems installed.
We're about to integrate bundler-audit into our CircleCI build process and it's looking really promising except for one fact: ignoring vulnerabilities leads to none being listed by bundler-audit, but it still exits with exit code 1, making CircleCI think it failed.
The reason why we ignore some vulnerabilities is because we're running on a forked version of https://github.com/spree/spree and we have to monkey patch their security patches instead of upgrading the version.
Example output:
$ bundle exec bundle-audit check --update --ignore OSVDB-119205 OSVDB-125699 OSVDB-125701
Updating ruby-advisory-db ...
From https://github.com/rubysec/ruby-advisory-db
* branch master -> FETCH_HEAD
Already up-to-date.
ruby-advisory-db: 226 advisories
Vulnerabilities found!
Since ruby-advisory-db is being updated so frequently, it doesn't make sense to use bundler-audit with a vendored version. Instead, bundler-audit could automatically clone/update the ruby-advisory-db ensuring it was always up-to-date. This would simplify the Database.path logic, at the cost of requiring a network connection.
Was having a play around and wondering why the following command was not ignoring the given vulnerability:
$ be bundle-audit check --ignore 126747
Name: uglifier
Version: 2.7.1
Advisory: 126747
Criticality: Unknown
URL: https://github.com/mishoo/UglifyJS2/issues/751
Title: uglifier incorrectly handles non-boolean comparisons during minification
Solution: upgrade to >= 2.7.2
After doing some debugging, I found that the advisory property being used to compare to the ignore list was the id property ("OSVDB-126747"), but the code prints the osvdb property ("126747") which did not include the prefix.
unless ignore.include?(advisory.id)
  yield UnpatchedGem.new(gem,advisory)
end

say "Advisory: ", :red
if advisory.cve
  say "CVE-#{advisory.cve}"
elsif advisory.osvdb
  say advisory.osvdb
end
Is there a reason for not displaying the full Advisory ID in the output?
When running bundle-audit update is it expected to return a non-zero exit code when the update server is unavailable? Currently I'm seeing a zero exit code (bundler-audit 0.4.0).
I tried testing this by disabling my network connection and running:
$ bundle-audit --version
bundle-audit 0.4.0 (advisories: 233)
$ bundle-audit update
Updating ruby-advisory-db ...
fatal: unable to access 'https://github.com/rubysec/ruby-advisory-db.git/': Could not resolve host: github.com
ruby-advisory-db: 233 advisories
# zero exit code, expected non-zero:
$ echo $?
0
A reason for preferring a non-zero exit code instead, is for environments that are running unattended jobs like:
# If advisory db fails to update, may not have latest vulnerabilities:
bundle-audit update && bundle-audit
These environments could report that the bundle-audit is good (no vulns. found) when the advisory db is out-of-date. bundle-audit update may persistently fail due to restrictive firewall policies, meaning the advisory db is never updated successfully.
Lots of people are scared of GPL, releasing under MIT would be great/simpler/no need to explain to legal department etc
a new version on rubygems would be great :)
I run bundle-audit on rails-2.3.18 project. Is bundler-audit telling the truth here?
Name: actionpack
Version: 2.3.18
CVE: 2012-1099
Criticality: Medium
URL: http://www.osvdb.org/show/osvdb/79727
Title: Ruby on Rails actionpack/lib/action_view/helpers/form_options_helper.rb Manually Generated Select Tag Options XSS
Solution: upgrade to ~> 3.0.12, ~> 3.1.4, >= 3.2.2
Name: actionpack
Version: 2.3.18
CVE: 2012-3424
Criticality: Medium
URL: http://www.osvdb.org/show/osvdb/84243
Title: Ruby on Rails actionpack/lib/action_controller/metal/http_authentication.rb with_http_digest Helper Method Remote DoS
Solution: upgrade to ~> 3.0.16, ~> 3.1.7, >= 3.2.7
Name: actionpack
Version: 2.3.18
CVE: 2012-3463
Criticality: Medium
URL: http://osvdb.org/84515
Title: Ruby on Rails select_tag Helper Method prompt Value XSS
Solution: upgrade to ~> 3.0.17, ~> 3.1.8, >= 3.2.8
Name: actionpack
Version: 2.3.18
CVE: 2012-3465
Criticality: Medium
URL: http://www.osvdb.org/show/osvdb/84513
Title: Ruby on Rails strip_tags Helper Method XSS
Solution: upgrade to ~> 3.0.17, ~> 3.1.8, >= 3.2.8
Name: activerecord
Version: 2.3.18
CVE: 2012-2660
Criticality: High
URL: http://www.osvdb.org/show/osvdb/82610
Title: Ruby on Rails ActiveRecord Class Rack Query Parameter Parsing SQL Query Arbitrary IS NULL Clause Injection
Solution: upgrade to ~> 3.0.13, ~> 3.1.5, >= 3.2.4
Name: activerecord
Version: 2.3.18
CVE: 2012-2661
Criticality: Medium
URL: http://www.osvdb.org/show/osvdb/82403
Title: Ruby on Rails where Method ActiveRecord Class SQL Injection
Solution: upgrade to ~> 3.0.13, ~> 3.1.5, >= 3.2.4
Name: activesupport
Version: 2.3.18
CVE: 2012-1098
Criticality: Medium
URL: http://osvdb.org/79726
Title: Ruby on Rails SafeBuffer Object [] Direct Manipulation XSS
Solution: upgrade to ~> 3.0.12, ~> 3.1.4, >= 3.2.2
Name: activesupport
Version: 2.3.18
CVE: 2012-3464
Criticality: Medium
URL: http://www.osvdb.org/show/osvdb/84516
Title: Ruby on Rails HTML Escaping Code XSS
Solution: upgrade to ~> 3.0.17, ~> 3.1.8, >= 3.2.8
Unpatched versions found!
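The "Solution" lines in the reports on this page can be checked by hand with RubyGems' own version classes. This is an added example, not code from bundler-audit or from any poster; treating each comma-separated entry as an independent patched range is an assumption, and the sample rows are copied from the reports quoted on this page.

```ruby
require "rubygems"

# Assumption of this example: every comma-separated entry of a
# "Solution: upgrade to ..." line is one alternative patched range.
def patched_ranges(solution)
  solution.split(/\s*,\s*/).map { |clause| Gem::Requirement.new(clause) }
end

# Returns the first patched range that covers the installed version, or nil
# when the version lies outside every listed range. Unaffected-version data,
# which the reports on this page do not show, is not modelled here.
def covering_range(installed, solution)
  version = Gem::Version.new(installed)
  range = patched_ranges(solution).find { |req| req.satisfied_by?(version) }
  range && range.to_s
end

# Rows copied from the reports on this page: gem, installed version, solution.
REPORTS = [
  ["activerecord", "3.2.18",   "~> 2.3.17, ~> 3.1.11, >= 3.2.12"],
  ["newrelic_rpm", "3.5.5.38", ">= 3.5.3.25"],
  ["rails",        "2.3.17",   "~> 2.3.15, ~> 3.0.19, ~> 3.1.10, >= 3.2.11"],
  ["json",         "1.7.7",    "~> 1.5.4, ~> 1.6.7, >= 1.7.7"],
  ["actionpack",   "2.3.18",   "~> 3.0.12, ~> 3.1.4, >= 3.2.2"]
].freeze

# Classify each report: covered by a patched range, or outside all of them.
def triage(reports)
  reports.map do |name, installed, solution|
    range = covering_range(installed, solution)
    verdict = range ? "covered by #{range}" : "outside every patched range"
    [name, installed, verdict]
  end
end

triage(REPORTS).each { |row| puts row.join("  ") }
```

A row that comes back "covered" under a current RubyGems but was still flagged points at the version comparison in the reporting environment, which is what the Ruby 1.8.7 and old-RubyGems posts describe.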
A thought came up while applying bundler-audit (and brakeman etc) on many projects for a client.
To avoid errors when doing bulk operations especially, it would be convenient that bundler-audit verify if it is up-to-date or not.
If the user relies on :git in the Gemfile, mention that there's a new commit. If there's a new version on rubygems, mention that as well etc.
Just a thought - maybe that's too much? But I'm careful and almost got bitten by that today.
What do you think?
#98 fixed an issue we were having (We also utilize gem-in-a-box)...
Could we get a 0.4.1 version released?
Thanks.
The bundle-audit check --update call mentioned in README does not work for me:
vagrant@vagrant-ubuntu-trusty-64:/vagrant$ gem list | grep bundler-audit
bundler-audit (0.4.0)
vagrant@vagrant-ubuntu-trusty-64:/vagrant$ bundle-audit check --update
ERROR: "bundle-audit check" was called with arguments ["--update"]
Usage: "bundle-audit check"
Use advisory files from multiple paths. Prefer the file with a newer timestamp.
Hi! Having Gemfile.lock in git is very useful for a team so that everyone uses the same gem versions.... why do you have it in the gitignore file? I am curious if there is a good reason for that...
The bundle-audit binary is run with ruby_executable_hooks. By default, this wrapper uses the noexec functionality, documented at https://github.com/mpapis/rubygems-bundler. In turn, this executes the Gemfile in the current directory.
This is problematic if the Gemfile has early termination code, such as
if !File.exist?("/usr/bin/foo")
  Bundler.ui.error("You must install `foo` first!")
  raise SystemExit.new(1)
end
When executing under bundle-audit, the error isn't shown, and the command fails silently. This is undesirable, and may lead users to believe that their project passed the audit.
I'm unsure if we can opt out of this somewhere in the gemspec, though that would probably be best. At the least, we should document it and suggest exporting NOEXEC_EXCLUDE=bundle-audit from one's shell to disable Gemfile parsing.
Thanks!
Replace data/bundler/audit with a git sub-module to ruby-advisory-db.
bundler-audit version = 0.3.0
I can't reproduce it on my mac, but it's continuously crashing on travis-ci.org
bundle-audit update; bundle-audit check
Gemfile.lock
GEM
remote: https://rubygems.org/
specs:
actionmailer (4.0.0)
actionpack (= 4.0.0)
mail (~> 2.5.3)
actionpack (4.0.0)
activesupport (= 4.0.0)
builder (~> 3.1.0)
erubis (~> 2.7.0)
rack (~> 1.5.2)
rack-test (~> 0.6.2)
activemodel (4.0.0)
activesupport (= 4.0.0)
builder (~> 3.1.0)
activerecord (4.0.0)
activemodel (= 4.0.0)
activerecord-deprecated_finders (~> 1.0.2)
activesupport (= 4.0.0)
arel (~> 4.0.0)
activerecord-deprecated_finders (1.0.3)
activesupport (4.0.0)
i18n (~> 0.6, >= 0.6.4)
minitest (~> 4.2)
multi_json (~> 1.3)
thread_safe (~> 0.1)
tzinfo (~> 0.3.37)
arel (4.0.2)
atomic (1.1.14)
builder (3.1.4)
erubis (2.7.0)
ftpd (0.2.1)
memoizer (~> 1.0.1)
hike (1.2.3)
i18n (0.6.9)
mail (2.5.4)
mime-types (~> 1.16)
treetop (~> 1.4.8)
memoizer (1.0.1)
mime-types (1.25.1)
minitest (4.7.5)
multi_json (1.8.4)
polyglot (0.3.3)
rack (1.5.2)
rack-test (0.6.2)
rack (>= 1.0)
rails (4.0.0)
actionmailer (= 4.0.0)
actionpack (= 4.0.0)
activerecord (= 4.0.0)
activesupport (= 4.0.0)
bundler (>= 1.3.0, < 2.0)
railties (= 4.0.0)
sprockets-rails (~> 2.0.0)
railties (4.0.0)
actionpack (= 4.0.0)
activesupport (= 4.0.0)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rake (10.1.1)
sprockets (2.10.1)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.0.1)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (~> 2.8)
thor (0.18.1)
thread_safe (0.1.3)
atomic
tilt (1.4.1)
treetop (1.4.15)
polyglot
polyglot (>= 0.3.1)
tzinfo (0.3.38)
PLATFORMS
ruby
DEPENDENCIES
ftpd (= 0.2.1)
rails (= 4.0.0)
Exception backtrace:
/home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-1.5.2/lib/bundler/vendor/thor/shell/basic.rb:80:in `say': undefined method `end_with?' for #<Gem::Version "0.2.1"> (NoMethodError)
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-1.5.2/lib/bundler/vendor/thor/shell.rb:59:in `say'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/cli.rb:77:in `say'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/cli.rb:89:in `print_advisory'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/cli.rb:46:in `block in check'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/scanner.rb:87:in `block (2 levels) in scan'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/database.rb:164:in `block in check_gem'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/database.rb:139:in `block in advisories_for'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/database.rb:227:in `glob'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/database.rb:227:in `each_advisory_path_for'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/database.rb:138:in `advisories_for'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/database.rb:162:in `check_gem'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/scanner.rb:85:in `block in scan'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/scanner.rb:84:in `each'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/scanner.rb:84:in `scan'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/lib/bundler/audit/cli.rb:39:in `check'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-1.5.2/lib/bundler/vendor/thor/command.rb:27:in `run'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-1.5.2/lib/bundler/vendor/thor/invocation.rb:121:in `invoke_command'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-1.5.2/lib/bundler/vendor/thor.rb:363:in `dispatch'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-1.5.2/lib/bundler/vendor/thor/base.rb:440:in `start'
from /home/travis/.rvm/gems/ruby-2.1.0/gems/bundler-audit-0.3.0/bin/bundle-audit:10:in `<top (required)>'
from /home/travis/.rvm/gems/ruby-2.1.0/bin/bundle-audit:23:in `load'
from /home/travis/.rvm/gems/ruby-2.1.0/bin/bundle-audit:23:in `<main>'
Apologies, issue created in wrong repo!
bundler-audit has started giving the following warning:
Insecure Source URI found: git://github.com/stefanpenner/country_select.git
I reported on this on their github site but the response was that they do not support bundler-audit. Can you please give me some more information about what is causing this warning so I can try to convince them it is worth fixing.
@postmodern would you merge a PR that adds these as low priority advisories?
https://github.com/ASoftCo/leaky-gems
Just putting together a PR, unfortunately having a little trouble getting all specs to pass with unmodified master. I guess I'm missing some setup steps. Here's what I've got so far:
# Fork repo on GitHub, then ...
git clone FORK_URL
cd bundler-audit/
bundle install
bundle exec rspec
Hi,
I tried out this service (https://isitvulnerable.com/) after receiving the last Ruby weekly. It reports vulnerabilities in my Gemfile.lock not caught by the latest version of bundler-audit:
jquery-rails 4.0.3
Upgrade to:
CSRF Vulnerability in jquery-rails ~> 3.1.3
>= 4.0.4
rest-client 1.6.7
Upgrade to:
Rest-Client Gem for Ruby logs password information in plaintext >= 1.7.3
rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses
What should I think about it?
Thanks
When running bundler-audit with no vulnerable gems, it still outputs 'Unpatched versions found!' if an insecure source is found.
$: bundle-audit
Insecure Source URI found: http://rubygems.org/
Unpatched versions found!
Hey man, it looks like the submodule of the vuln db you have is missing the 5 new actionpack vulns..
OSVDB-100524.yml
OSVDB-100525.yml
OSVDB-100526.yml
OSVDB-100527.yml
OSVDB-100528.yml
I ran bundler-audit on a 3.2.15 codebase and didn't get any rails issues.