Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Definitely concerning, although I'm having trouble finding anything in the codebase to support this.

This paper even seems to contradict aspects of the project's no tracking stance. If someone told me this paper was for a different (but similar) project, I'd believe it after looking at the two side by side.

Would definitely want this to be addressed before I'd consider using it.




There are two binaries commited to the repo (cap_wasm_bg.wasm) but from what I can tell, it doesn't seem to be making any network calls or what have you. They still should get rid of them and add a Rust build step for their browser/node packages.


Can you elaborate on why you would want this? You can run their build script[1] if you're trying to compare outputs and behavior.

[1]: https://github.com/tiagorangel1/cap/blob/main/wasm/build.js


you can compare the hashes of the wasm lmao the build script is very much public


It's not a good practice to commit binary blobs in a repository. And I don't think it would be difficult to add a prepublish step to your npm packages so that you can remove them. The end user shouldn't need to run the build script and compare hashes whenever the source code changes.

Very surprised to get pushback on what I thought was an industry standard lmao


feel free to make a pr to add a worker, currently not my first priority tho




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: