JS Bin has had it's "regular" registration removed due to aggressive abuse by spammers.

If, however you still can't register with JS Bin through github, I can manually add your email address to a whitelist that will let you through the regular registration.

However this will only be available to users who have a proven history on the internet, and I'll be looking to github history first. Think of it like the ebay reputation: if you're new, then it's going to weigh against you.

Also, this is entirely a manual process and will only happen during new releases. If this becomes too much of a drain, I will remove the functionality, or if this is abused by users requesting access when they actually already have a github account and could use that, I'll also remove the functionality. It's entirely up to you.

To apply for this whitelist you need to do at least two things:

1. Comment on this thread with who you are, and that you've tried to sign in with github and any extra background that proves you're a good citizen of the web!
2. DM the @js_bin twitter account with your email address and the link to your comment on this thread.

If you don't include the link to your comment on the thread, your request will be ignored.

Sorry, lots of rules, but it's just me running the show!

So, here's the situation: spammers have filled the database with crud to 100% capacity. I woke up this morning at 6am to a few tweets and emails from users notifying me of this:

https://twitter.com/eggheadio/status/580925169671127041

I've got the start of a script that identifies spam users, but there's nothing consistent in the spammy bins (though usually they don't have any CSS or JS).

The bigger problem is: I'm solo parenting my two young kids over the next 2 days and I don't have time to fix this. This sucks, but my kids come first.

So, I'm calling on you - can you help?

I reckon this is one approach:

1. Flag all spammy users (they come from a small subset of email domains) (script included below).
2. Get all bins from spammy users and delete them
3. Find bins that have HTML over a certain size... 2k? and no JS (so it's roughly fitting a profile) and has anonymous URL structure (url.length > 6) and remove.

This is a aggressive, but the disk space is at capacity and saving doesn't work at all right now.

Constraints:

1. The database is >15million records, so you can't just do a massive delete query, it needs to find records in chunks and needs to ideally remove individually.
2. User should be flagged with UPDATE ownership SET flagged=1 WHERE name="bad-guy"

Notes:

1. User table is called ownership
2. User bin tables is called owners - yes, I know, shit names
3. Bins are stored in sandbox

var Sequelize = require('sequelize');
var sequelize = new Sequelize('database', 'root', 'password');

var spammy = ['spam-email.com'];

sequelize.query("SELECT * FROM `ownership`", { type: sequelize.QueryTypes.SELECT})
  .then(function(users) {
    var targets = users.filter(function (user) {
      var match = spammy.filter(function (spam) {
        return (user.email.indexOf('@' + spam) !== -1)
      });
      return match.length > 0;
    });

    targets.forEach(function (spam) {

    });

console.log(targets.length);
  })

JS Bin v3 was written to support preprocessors. It's pretty simple to add new ones: https://github.com/remy/jsbin/commit/0fdf06

I originally imaged that I could get SASS working locally, but I'm not 100% convinced.

I wanted to put this out to the public as to which preprocessors you think should be supported by default (note that "by default" means you'll be able to write plugins for jsbin that add new preprocessors - along with other things).

Current thinking:

• HAML (using ported JS version)
• Jade?
• SASS (if possible)

Anything else? Are these bad ideas? I know jsfiddle has support for JavaScript 1.7 - is there demand for that too?

I think this will be necessary.

Desperately need someone who knows what they're doing with nginx to route all static content through nginx and route dynamic content to the node server.

Please get in touch if you think you can help!

Edit

I should also add that WebSockets and EventStreams (i.e. persistent connections) are made to the Node server - so I'm expecting nginx would hand over those requests, rather than proxy them through itself? Like I said - I've not used nginx at all, so this may all be obvious to someone else!

So due to overwhelming feedback, it looks like the ownership urls will look like this:

http://jsbin.com/remy/canvas/12/edit

The aim is to have a login-less system, where you can set your home location - in this case remy. When you save or clone a new bin it will automatically get associated with your home location.

You will be able to navigate to:

http://jsbin.com/remy/list

And it will show a list of those associated bins saved. Perhaps with a preview option (which I've gone ahead and already made).

Note that there's nothing stopping someone from setting their home to remy too - I'm okay with that as it's a feature of the login-less system. To be honest, this is a pro-user type feature anyway, average devs probably won't use this feature.

Questions that remain are:

1. If you set a home location, should this appear in the url all the time? (as per the link above).
2. Should the home location in fact be invisible - and just jsbin.com/list show the associated bins?
3. If home locations are invisible, it would be easy to forget that the location isn't set at all.
4. There will be a way to disown a bin from a home location.
5. If we do have home visible, when you navigate to jsbin.com it will redirect you to your home location automatically.

Any other things that should be considered here?

Hello,

Recently I have been having issues exporting my workspaces as Gists. A few months ago I use to be able to export a gist and it would appear GitHub with my account. Now when I "Export as Gist" the Gist appears as Anonymous even when I am logged in with my linked GitHub account.

This issue is common across several computers, browsers and with other users.

The /etc/default/varnish config:

# Configuration file for varnish
#
# /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK
# to be set from this shell script fragment.
#

# Maximum number of open files (for ulimit -n)
NFILES=131072

# Maximum locked memory size (for ulimit -l)
# Used for locking the shared memory log in memory.  If you increase log size,
# you need to increase this number as well
MEMLOCK=82000

# Default varnish instance name is the local nodename.  Can be overridden with
# the -n switch, to have more instances on a single server.
INSTANCE=$(uname -n)

# This file contains 4 alternatives, please use only one.

## Alternative 1, Minimal configuration, no VCL
#
# Listen on port 6081, administration on localhost:6082, and forward to
# content server on localhost:8080.  Use a 1GB fixed-size cache file.
#
# DAEMON_OPTS="-a :6081 \
#              -T localhost:6082 \
#            -b localhost:8080 \
#            -u varnish -g varnish \
#            -S /etc/varnish/secret \
#            -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"


## Alternative 2, Configuration with VCL
#
# Listen on port 6081, administration on localhost:6082, and forward to
# one content server selected by the vcl file, based on the request.  Use a 1GB
# fixed-size cache file.
#
DAEMON_OPTS="-a :6081 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"

My own defaults.vcl:

# node is the defalut
backend default {
   .host = "127.0.0.1";
   .port = "8000";
   .connect_timeout = 1s;
   .first_byte_timeout = 2s;
   .between_bytes_timeout = 60s;
   .max_connections = 800;
}

# nginx is running on port 80
backend nginx {
   .host = "127.0.0.1";
   .port = "81";
   .connect_timeout = 5s;
   .first_byte_timeout = 30s;
   .between_bytes_timeout = 60s;
   .max_connections = 800;
}

sub vcl_recv {
    if (req.http.host ~ "^static.jsbin.com") {
       set req.backend = nginx;
       return (lookup);
    }

    if (req.http.Accept) {
       if (req.http.Accept ~ "text/event-stream") {
         return (pipe);
       }
    }


    return (pass);
}

sub vcl_miss {
  if ( req.backend != nginx ) {
    set bereq.first_byte_timeout = 1m;
  }
}

Varnish is running as the following (result of ps):

root      6331     1  0 07:50 ?        00:00:00 varnishd -f /etc/varnish/default.vcl -s malloc,1G -T 127.0.0.1:2000
nobody    6332  6331  0 07:50 ?        00:00:55 varnishd -f /etc/varnish/default.vcl -s malloc,1G -T 127.0.0.1:2000

I'm trying to install jsbin using the command:

npm install -g jsbin

My first error was issue #338, which I resolved by adding Git (/bin) to my PATH. Then I hit the issue with bcrypt #94, which I solved by installing OpenSSL-Win32 (and OpenSSL-Win64 for good measure) and adding them (/lib and /bin) to my PATH.

From there, I updated my Python 2.7.3 to 2.75. I installed SQLite WIndows (and sqlite3 in node). I already had the Windows 7.1 SDK and Visual Studio 2010 and Visual Studio 2012 installed, but I also installed the C++ 2005, 2008, 2010 and 2012 (x86 and 84) libraries. I ran Windows Update. I also installed the Visual Studio 2010 C++ Express edition as recommended by other posts.

Nothing so far has prevailed. I should note I can install various other packages without issue (Grunt, Brunch, Yeoman, etc).

This is the result of my last attempt, running:

npm -dd install -g jsbin

Any hope?

NOTE: the npm-debug.log does not appear to fully reflect all of the errors I see in the command prompt (which I cannot see all of much less copy/paste, because this is Windows). Nonetheless, log begins: https://gist.github.com/3805457

@remybach can you send me the step it's failing on.

You need to open you devtools and watch the network access, then post the result for the sethome request (inside that JSON response is the step it failed at which might help myself and @aron find the source of the issue).

It should look something like this:

On jsbin.com, after I press login and login or register via github, nothing happens, it just returns me back to homepage with the yellow login or register button still there.

When I did it first time, it did actually ask me for rights, after I confirmed them, it threw me back to index without registering or logging me in and this has been happening ever since(minus that rights step).

I really can't make heads or tails of the JS Bin version numbers. I can see if I hit Ctrl+S, it generates a new version, but it also increases the version number for other actions that I have been unable to identify.

I end up with countless versions that serve no purpose. Also, I like to keep a separate window open to test the result in a full browser window. But the version keeps changing and I'm chasing errors until I figure out the version (and URL) changed again.

Also, is there even a way to delete unnecessary versions?

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- | 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Poisoning
SNYK-JS-QS-3153490 | No | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Poisoning

Looks like old snapshots are cached somehow and you cannot save new changes. Also, the menu crashes on mobile. Quite a big mess this site, I wouldn't trust it with my code to see that my changes haven't been saved or are somewhere hidden

I went to register on the site:

https://jsbin.com/register

I noticed when this message came up:

I am so sorry, but only sign in via Github is accepted now. If you have trid to register through Github already and cannot get in, please see this thread for an alternative method.

tried is spelled wrong.

(I realize this isn't an issue with jsbin's source code, but couldn't find a contact on the jsbin site)

During attempt of payment, instead payment completed, I got message about Stripe “intent” functionality needed to proceed with payment (probably something with 3Ds payment confirmation, but I am not sure). Please, could you add option to pay via PayPal? It looks like this issue will be fixed in 1,000 years or never, so PayPal is much quicker solution. I want to pay for upgrade, and I am denied. That is insane.

The Add Library button doesn't work the way expected. It prepends the script tag to the html output instead of putting it into . Problem also described and solved here - https://stackoverflow.com/questions/53323843/how-to-make-lodash-import-in-jsbin