
Show HN: Certainty-JS: Automated CACert.pem Management for Node.js Software - CiPHPerCoder
https://github.com/paragonie/certainty-js
======
CiPHPerCoder
Hi HN,

A couple years ago I started developing an open source PHP library called
Certainty. You can read about it here:
[https://paragonie.com/blog/2017/10/certainty-automated-
cacer...](https://paragonie.com/blog/2017/10/certainty-automated-cacert-pem-
management-for-php-software)

Essentially, I wanted to ensure that server-to-server HTTP requests use TLS
securely in open source projects, but unfortunately a lot of code disabled TLS
verification in PHP software.

Including eCommerce plugins.

Including eCommerce plugins that connect to Authorize.net payment gateways.

 _grimace_

However, no equivalent JavaScript solution exists for solving this problem.

I was concerned that a lot of the developers who used to write vulnerable PHP
code might also be working in the Electron/Cordova/etc. ecosystem today, and
if they retained any of their bad habits from their PHP + ext/curl days, their
products would be at risk.

So I decided to port this library to Node.js. Let me know what you think.

