← all rings
runtime/ node/ runtime/ javascript

node-runtime/historic

Historic Node.js core authors and runtime contributors. Useful for runtime-level vulnerability disclosures where attribution must be provable but identity must remain private.

Members

Anyone of 5 could sign.

Each public key is derived deterministically from the contributor's public SSH listing on GitHub. You can reproduce the ring root by re-deriving members locally — the math should match what's shown here.

/ 01@rypk: 021fe166ecf9d02cef1018ed6a05240a676e89c19041ddad68744389cf7b304596
/ 02@isaacspk: 02f38daa1e5ef63fb197424169b40f6ef41a9dd00c62a46e70f1579b0d2b02f4c6
/ 03@piscisaureuspk: 0245aab8c8032eae1ffc4d478db6fe03675f9bce89b30b3439f0a9513c464df003
/ 04@bnoordhuispk: 020e616048d5f070a63155e9edcac16c1cfc072831ddf1ab10ede39d4acd3b02cf
/ 05@mojombopk: 0315dfde14a17d171f52b5d7eaa7da03f356b379580c3e10a41108f600b5bdfaa9
Recent ghosts

No ghosts yet.

When ring members ship anonymous commits, they show up here with their key images. Identity stays hidden — patterns of activity do not.

This ring has no anchored ghosts yet. Once a member runs gitghost commit inside a repo using this ring, the resulting key images appear here.
Use this ring

Reproduce locally.

You can recreate this ring exactly. Run the snippet on the right inside any git repo, and the resulting .gitghost/ring.json will hash to the same ring root.

CLI snippet~/repo
# add yourself, then add the same members:
gitghost init "node-runtime/historic"
gitghost ring add-self
gitghost ring add ry
gitghost ring add isaacs
gitghost ring add piscisaureus
gitghost ring add bnoordhuis
gitghost ring add mojombo

# verify the resulting ring root matches:
# expected ring root: bafkreie0826365e67cd2629a1a59205fc458e35c7553f3188f3f6222be
ring.jsoncanonical
{
  "version": 1,
  "name": "node-runtime/historic",
  "context": "29c06a81a36a4d814ccfbde0c61558341970a1a1e2a6c4e0b14dc807eee5f56c",
  "members": [
    {
      "github": "ry",
      "publicKey": "021fe166ecf9d02cef1018ed6a05240a676e89c19041ddad68744389cf7b304596",
      "source": "github"
    },
    {
      "github": "isaacs",
      "publicKey": "02f38daa1e5ef63fb197424169b40f6ef41a9dd00c62a46e70f1579b0d2b02f4c6",
      "source": "github"
    },
    {
      "github": "piscisaureus",
      "publicKey": "0245aab8c8032eae1ffc4d478db6fe03675f9bce89b30b3439f0a9513c464df003",
      "source": "github"
    },
    {
      "github": "bnoordhuis",
      "publicKey": "020e616048d5f070a63155e9edcac16c1cfc072831ddf1ab10ede39d4acd3b02cf",
      "source": "github"
    },
    {
      "github": "mojombo",
      "publicKey": "0315dfde14a17d171f52b5d7eaa7da03f356b379580c3e10a41108f600b5bdfaa9",
      "source": "github"
    }
  ],
  "createdAt": 0
}
Disclosure

Public-key-derived ring. Listed users have public SSH keys on GitHub but have not endorsed gitghost. The ring is reproducible from public data.