neighbourhoodie-nnh-logo

NH:STF S01E02 OpenPGP.js posted Wednesday, September 11, 2024 by The Neighbourhoodie Team

This post is part of our series on our work for the Sovereign Tech Fund (STF). Our introduction post explains why and how we are contributing to various Open Source projects.

OpenPGP.js is a pure, Open Source OpenPGP implementation written in JavaScript. Its main use-case is enabling PGP workflows in web-based email systems, but as JavaScript is available on almost all devices these days, its utility is universal.

We started out by introducing a fuzz testing suite to the project. Fuzz testing is a form of unit testing, but instead of relying on manually crafted input and comparing it to the desired output, fuzz testing generates a near infinite number of permutations for input data to find rare implementation bugs. For security-related software, this is an important aspect of a complete automated testing suite.

We then focussed on making the project more approachable for new contributors by:

  1. improving the documentation for first-time contributors
  2. adding a high-level description of the project’s architecture
  3. and improving the general contribution guidelines.

Finally, we started work on migrating certain core modules from JavaScript to TypeScript, to make crucial parts of the project more type-safe.

Here’s a short interview with Neighbourhoodie developer Alba Herrerías Ramírez, who runs our STF programme and worked on OpenPGP.js:

What was the most surprising thing working on this project?

Alba: I’m not sure if it’s ‘surprising’ but something I found pleasant was their user documentation, it’s great, I would like to see more projects paying this detail to docs.

What was especially challenging about this project?

Alba: OpenPGP.js have been planning to release v6 for a long time and our work got stuck in the middle (since they requested us to base our work in the v6 branch). We needed to accommodate the project’s timelines.

Conclusion

In summary, we could play to our strengths here and help a web-based project and we could build upon our work with Sequoia-PGP. There is lots to be done on the OpenPGP.js project and we hope we get another chance at helping them along.

« Back to the blog post overview