chore: Update dependencies and fix security vulnerabilities

.github/dependabot.yml

@@ -1,6 +1,17 @@
 version: 2
 updates:
-  - package-ecosystem: "npm" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: "npm"
+    directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+    target-branch: "main"
+    open-pull-requests-limit: 10
+    groups:
+      eslint:
+        patterns:
+          - "eslint"
+          - "@eslint/js"
+      rollup:
+        patterns:
+          - "rollup"
+          - "@rollup/*"

.github/workflows/codeql-analysis.yml

@@ -13,12 +13,12 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
+    branches: [ main ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [ main ]
   schedule:
-    - cron: '45 11 * * 3'
+    - cron: '0 14 * * 1'
 
 jobs:
   analyze:
@@ -43,7 +43,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v3

.github/workflows/node.js.yml

@@ -5,9 +5,9 @@ name: Node.js CI
 
 on:
   push:
-    branches: [ master ]
+    branches: [ main ]
   pull_request:
-    branches: [ master ]
+    branches: [ main ]
 
 jobs:
   build:
@@ -16,13 +16,13 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [12.x, 14.x, 16.x]
+        node-version: [22.x, 24.x]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v2
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
         cache: 'npm'

Dockerfile

@@ -1,6 +1,16 @@
-FROM keymetrics/pm2:16-alpine
-COPY . /usr/src/app
+FROM node:22-alpine
+
 WORKDIR /usr/src/app
+
+# Copy package.json and package-lock.json first for better caching
+COPY package*.json ./
 RUN npm install --no-cache --production
+
+# Copy the rest of the application
+COPY . .
+
+# Expose the port the app runs on
 EXPOSE 8080
-CMD [ "pm2-runtime", "start", "pm2.json" ]
+
+# Run the application using npm start
+CMD ["npm", "start"]

LICENSE.md

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2014-2021 Hexagon <github.com/Hexagon>
+Copyright (c) 2025 runbgp <github.com/runbgp>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -19,4 +19,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
-

README.md

@@ -1,79 +1,61 @@
 ![cryptalk](/screenshot.png)
 
-![Node.js CI](https://github.com/Hexagon/cryptalk/workflows/Node.js%20CI/badge.svg?branch=master)
-[![npm version](https://badge.fury.io/js/cryptalk.svg)](https://badge.fury.io/js/cryptalk)
+![Node.js CI](https://github.com/runbgp/cryptalk/actions/workflows/node.js.yml/badge.svg)
+[![Codacy Badge](https://app.codacy.com/project/badge/Grade/b96b4b6aa6df417aafd3d823a722e30f)](https://app.codacy.com/gh/runbgp/cryptalk/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade)
 [![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE.md)
-[![Codacy Badge](https://app.codacy.com/project/badge/Grade/753ef40cec1747c2b5025f834635375b)](https://www.codacy.com/gh/Hexagon/cryptalk/dashboard?utm_source=github.com&utm_medium=referral&utm_content=Hexagon/cryptalk&utm_campaign=Badge_Grade)
 
 # Cryptalk
 
-Cyptalk is a HTML5/Node.js based, client side (E2EE) encrypted instant chat
+**Cryptalk** is a client-side (E2EE) encrypted instant chat application built on HTML5 and Node.js. 
+
+This project is a fork of [Hexagon's Cryptalk](https://github.com/Hexagon/cryptalk) and is actively maintained. It has been updated to support Node.js 22 and includes the latest packages.
 
 ## Features
 
 *   Client side AES-256-CBC encryption/decryption (the server is just a messenger)
 *   256 bit key derived from your passphrase using PBKDF2
-*   Messages torched after a configurable delay, default is 600s.
-*   Simple setup using npm, Docker or Heroku
+*   Messages torched after a configurable delay (default is 600s)
+*   Simple setup using Docker or Heroku
 *   Notification sounds (mutable)
 *   Native popup notifications
 *   Configurable page title
-*   Nicknames, optional.
-*   Quick-links using http://server/#Room:Passphrase, optional and insecure
+*   Nicknames (optional)
+*   Quick-links using http://server/#Room:Passphrase (optional and insecure)
 
-## Installing
+## Deployment
 
-### Docker setup
+### Docker
 
-To run latest cryptalk with docker, exposed on host port 80, simply run the following command to pull it from docker hub
+To run latest cryptalk with Docker, exposed on host port 80, simply run the following command to pull it from GitHub Container registry:
 
 ```bash
-sudo docker run -d --restart=always -p 80:8080 hexagon/cryptalk
+sudo docker run -d --restart=unless-stopped -p 80:8080 ghcr.io/runbgp/cryptalk
 ```
 
-### Heroku setup 
+### Heroku 
 
 Click the button below
 
-[![Deploy](https://www.herokucdn.com/deploy/button.png)](https://heroku.com/deploy?template=https://github.com/hexagon/cryptalk)
+[![Deploy](https://www.herokucdn.com/deploy/button.png)](https://heroku.com/deploy?template=https://github.com/runbgp/cryptalk)
 
-### Docker setup without using docker hub
+### Docker build
 
 Clone this repo, enter the new directory.
 
-Build image
+Build the image
 ```bash
-docker build . --tag="hexagon/cryptalk"
+docker build . --tag="runbgp/cryptalk"
 ```
 
 Run container, enable start on boot, expose to port 80 at host
 ```bash
-sudo docker run -d --restart=always -p 80:8080 hexagon/cryptalk
+sudo docker run -d --restart=always -p 80:8080 runbgp/cryptalk
 ```
 
 Browse to ```http://<ip-of-server>/```
 
 Done!
 
-### npm setup
-
-Install node.js, exact procedure is dependant on platform and distribution.
-
-Install the app from npm
-```bash
-npm install cryptalk -g
-````
-
-Then issue the following to start the app
-
-```bash
-cryptalk
-```
-
-Browse to ```http://localhost:8080```
-
-Done!
-
 ## Usage
 
 ```
@@ -114,11 +96,11 @@ to prevent browsers from keeping history or cache.
 
 ## Development
 
-Install node.js (development require >=12.0), exact procedure is dependant on platform and distribution.
+Install node.js (development requires >=18.0), exact procedure is dependant on platform and distribution.
 
 Clone this repo
 ```bash
-git clone https://github.com/Hexagon/cryptalk.git
+git clone https://github.com/runbgp/cryptalk.git
 cd cryptalk
 ```
 
@@ -127,7 +109,7 @@ Pull dependencies from npm
 npm install
 ```
 
-Start server
+Start the server
 ```bash
 npm run start
 ```

SECURITY.md

@@ -2,11 +2,11 @@
 
 ## Supported Versions
 
-| Version | Supported          |
+| Version | Status             |
 | ------- | ------------------ |
-| 4.0.x   | :white_check_mark: |
-| < 4.0   | :x:                |
+| 1.3.x   | ✅ Supported       |
+| < 1.3   | ❌ Not Supported    |
 
 ## Reporting a Vulnerability
 
-Email hexagon@56k.guru. Do NOT report an issue, we will have a look at it asap.
+If you discover a vulnerability, please report it via email to [runbgp@ix0.io](mailto:runbgp@ix0.io). Do not create an issue in the repository; we will address your report as soon as possible.

app.json

@@ -12,5 +12,5 @@
     "chat",
     "e2ee"
   ],
-  "repository": "https://github.com/Hexagon/cryptalk"
+  "repository": "https://github.com/runbgp/cryptalk"
 }

client/source/settings.js

@@ -15,7 +15,7 @@ export default {
 		'░          ░░   ░ ▒ ▒ ░░  ░░         ░        ░   ▒     ░ ░   ░ ░░ ░  \n' +
 		'░ ░         ░     ░ ░                             ░  ░    ░  ░░  ░    \n' +
 		'░                 ░ ░                                                 \n' +
-		'                                  https://github.com/hexagon/cryptalk \n' +
+		'                                  https://github.com/runbgp/cryptalk  \n' +
 		'                                                                      \n' +
 		' Tip of the day: /help                                                \n' +
 		'----------------------------------------------------------------------' +

eslint.config.js

@@ -0,0 +1,31 @@
+import js from '@eslint/js';
+import globals from 'globals';
+
+export default [
+  js.configs.recommended,
+  {
+    languageOptions: {
+      ecmaVersion: 2020,
+      sourceType: 'module',
+      globals: {
+        ...globals.browser,
+        ...globals.node,
+        ...globals.commonjs,
+        ...globals.amd
+      }
+    },
+    rules: {
+      'indent': ['error', 'tab'],
+      'linebreak-style': 0,
+      'quotes': ['error', 'single'],
+      'semi': ['error', 'always'],
+      'eqeqeq': ['error', 'always'],
+      'no-undef': ['warn'],
+      'no-console': ['warn']
+    },
+    ignores: [
+      'client/public/js/cryptalk.min.js',
+      'node_modules/**'
+    ]
+  }
+];