{"id":13425002,"url":"https://github.com/cs01/termpair","last_synced_at":"2026-04-01T22:45:09.588Z","repository":{"id":37692371,"uuid":"176058541","full_name":"cs01/termpair","owner":"cs01","description":"View and control terminals from your browser with end-to-end encryption πŸ”’","archived":false,"fork":false,"pushed_at":"2026-03-22T02:56:46.000Z","size":5783,"stargazers_count":1727,"open_issues_count":2,"forks_count":73,"subscribers_count":16,"default_branch":"main","last_synced_at":"2026-03-22T12:48:29.519Z","etag":null,"topics":["e2ee","end-to-end-encryption","fastapi","pty","rust","terminal","websocket","xtermjs"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cs01.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-03-17T05:04:10.000Z","updated_at":"2026-03-22T02:56:38.000Z","dependencies_parsed_at":"2022-08-13T17:30:25.221Z","dependency_job_id":null,"html_url":"https://github.com/cs01/termpair","commit_stats":null,"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/cs01/termpair","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cs01%2Ftermpair","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cs01%2Ftermpair/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cs01%2Ftermpair/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cs01%2Ftermpair/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cs01","download_url":"https://codeload.github.com/cs01/termpair/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cs01%2Ftermpair/sbom","scorecard":{"id":310461,"data":{"date":"2025-08-11","repo":{"name":"github.com/cs01/termpair","commit":"543d84af21e2892a8b6f177d1c397b88973b0e98"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.3,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/27 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build_executable.yml:1","Warn: no topLevel permission defined: .github/workflows/tests.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_executable.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cs01/termpair/build_executable.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_executable.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cs01/termpair/build_executable.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_executable.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/cs01/termpair/build_executable.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_executable.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/cs01/termpair/build_executable.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cs01/termpair/tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cs01/termpair/tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/cs01/termpair/tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/cs01/termpair/tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/cs01/termpair/tests.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.6 to python:3.6@sha256:f8652afaf88c25f0d22354d547d892591067aa4026a7fa9a6819df9f300af6fc","Warn: pipCommand not pinned by hash: Dockerfile:9","Warn: pipCommand not pinned by hash: Dockerfile:10","Warn: pipCommand not pinned by hash: .github/workflows/build_executable.yml:42","Warn: pipCommand not pinned by hash: .github/workflows/build_executable.yml:43","Warn: pipCommand not pinned by hash: .github/workflows/tests.yml:59","Warn: pipCommand not pinned by hash: .github/workflows/tests.yml:60","Warn: pipCommand not pinned by hash: .github/workflows/tests.yml:24","Warn: pipCommand not pinned by hash: .github/workflows/tests.yml:25","Info: 0 out of 9 GitHub-owned GitHubAction dependencies pinned","Info: 0 out of 1 containerImage dependencies pinned","Info: 0 out of 8 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.3.1.5 not signed: https://api.github.com/repos/cs01/termpair/releases/70007283","Warn: release artifact v0.3.1.4 not signed: https://api.github.com/repos/cs01/termpair/releases/48756367","Warn: release artifact v0.3.1.3 not signed: https://api.github.com/repos/cs01/termpair/releases/48719675","Warn: release artifact v0.3.1.2 not signed: https://api.github.com/repos/cs01/termpair/releases/48256200","Warn: release artifact v0.3.1.1 not signed: https://api.github.com/repos/cs01/termpair/releases/48254807","Warn: release artifact v0.3.1.5 does not have provenance: https://api.github.com/repos/cs01/termpair/releases/70007283","Warn: release artifact v0.3.1.4 does not have provenance: https://api.github.com/repos/cs01/termpair/releases/48756367","Warn: release artifact v0.3.1.3 does not have provenance: https://api.github.com/repos/cs01/termpair/releases/48719675","Warn: release artifact v0.3.1.2 does not have provenance: https://api.github.com/repos/cs01/termpair/releases/48256200","Warn: release artifact v0.3.1.1 does not have provenance: https://api.github.com/repos/cs01/termpair/releases/48254807"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"97 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-39hc-v87j-747x","Warn: Project is vulnerable to: GHSA-3ww4-gg4f-jr7f","Warn: Project is vulnerable to: GHSA-5cpq-8wj7-hf2v","Warn: Project is vulnerable to: GHSA-9v9h-cgj8-h64p","Warn: Project is vulnerable to: GHSA-h4gh-qq45-vh27","Warn: Project is vulnerable to: PYSEC-2023-254 / GHSA-jfhm-5ghh-2f97","Warn: Project is vulnerable to: GHSA-jm77-qphf-c4w8","Warn: Project is vulnerable to: GHSA-v8gr-m533-ghj9","Warn: Project is vulnerable to: GHSA-w7pp-m8wf-vj6r","Warn: Project is vulnerable to: GHSA-x4qr-2fvf-3mr5","Warn: Project is vulnerable to: PYSEC-2024-38","Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: GHSA-mr82-8j83-vxmv","Warn: Project is vulnerable to: GHSA-2c2j-9gv5-cj73","Warn: Project is vulnerable to: PYSEC-2023-48 / GHSA-74m5-2c7w-9w3x","Warn: Project is vulnerable to: GHSA-f96h-pmfr-66vw","Warn: Project is vulnerable to: PYSEC-2023-83 / GHSA-v5gw-mw7f-84px","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h","Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-33f9-j839-rf8h","Warn: Project is vulnerable to: GHSA-c36v-fmgq-m8hx","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4","Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g","Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5","Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp","Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq","Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr","Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765","Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-566m-qj78-rww5","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-rqff-837h-mm52","Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2","Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j","Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T23:06:08.000Z","repository_id":37692371,"created_at":"2025-08-17T23:06:08.000Z","updated_at":"2025-08-17T23:06:08.000Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292695,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["e2ee","end-to-end-encryption","fastapi","pty","rust","terminal","websocket","xtermjs"],"created_at":"2024-07-31T00:01:01.770Z","updated_at":"2026-04-01T22:45:09.579Z","avatar_url":"https://github.com/cs01.png","language":"TypeScript","readme":"\u003cp align=\"center\"\u003e\n\u003cimg src=\"logo.svg\" width=\"300\" alt=\"TermPair\"/\u003e\n\u003cbr\u003e\u003cbr\u003e\nView and control remote terminals from your browser with end-to-end encryption\n\u003cbr\u003e\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"termpair_share.png\" width=\"500\" alt=\"termpair share command\"/\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"termpair_browser.png\" width=\"600\" alt=\"termpair browser view\"/\u003e\n\u003c/p\u003e\n\n## Why TermPair?\n\n* **Zero-knowledge sharing** -- your terminal is end-to-end encrypted (AES-128-GCM). The server is a blind relay that never sees your data.\n* **One command to share** -- run `termpair share`, send the link. Anyone with the link watches your terminal live in their browser.\n* **Let others type** -- viewers can type in your terminal from the browser, or set `--read-only` to keep them watching.\n* **Public or private** -- private sessions are encrypted and link-only. Public sessions (`--public`) are listed on the landing page for anyone to discover and watch.\n* **Survive server restarts** -- if the server goes down, both sides automatically reconnect and resume where they left off.\n* **Single binary, no deps** -- one static binary bundles the server, client, and web frontend. No Node, no Python, no Docker required.\n* **Works anywhere** -- Linux, macOS, Windows. Share any terminal app: your shell, vim, htop, Claude Code, anything with a TTY.\n\n## Installation\n\n### Quick Install\n\n```\ncurl -fsSL https://raw.githubusercontent.com/cs01/termpair/main/install.sh | sh\n```\n\nInstalls to `~/.local/bin`. Customize with environment variables:\n\n```\nINSTALL_DIR=/usr/local/bin sh # custom install directory\nVERSION=v1.2.0 sh # specific version\n```\n\n### GitHub Releases\n\nDownload a prebuilt binary from the [releases page](https://github.com/cs01/termpair/releases). Available for Linux (x86_64, aarch64), macOS (x86_64, Apple Silicon), and Windows (x86_64).\n\n### Build from Source\n\n```\ngit clone https://github.com/cs01/termpair.git\ncd termpair/termpair-rs\ncargo build --release\ncp target/release/termpair ~/.local/bin/\n```\n\n## Usage\n\nStart the server:\n\n```\ntermpair serve\n```\n\nShare your terminal:\n\n```\ntermpair share\n```\n\nThis prints a URL containing a unique terminal ID and encryption key. Share it with whoever you want to give access. **Anyone with the link can access your terminal** while the session is running.\n\nBy default, `termpair share` runs your `$SHELL`. The server multicasts terminal output to all connected browsers.\n\n## How it Works\n\n```\nβ”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”\nβ”‚ β”‚ encrypted terminal output β”‚ β”‚\nβ”‚ Terminal │───────────────────────────────────▢│ Browser(s) β”‚\nβ”‚ (termpair β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ (xterm.js + β”‚\nβ”‚ share) │◀────────│ Server │─────────▢│ Web Crypto) β”‚\nβ”‚ β”‚ β”‚ (blind relay) β”‚ β”‚ β”‚\nβ”‚ - forks pty β”‚ encrypted browser input β”‚ - decrypts β”‚\nβ”‚ - encrypts I/O β”‚ β”‚ never sees β”‚ β”‚ output β”‚\nβ”‚ - manages keys β”‚ β”‚ plaintext β”‚ β”‚ - encrypts β”‚\nβ”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ input β”‚\nβ””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜\n```\n\nThe server is a blind relay -- it routes encrypted WebSocket messages without access to keys or plaintext.\nThe terminal client forks a pty, encrypts all output with AES-128-GCM, and decrypts browser input.\nBrowsers decrypt and render with [xterm.js](https://xtermjs.org/) + [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API).\n\n### Encryption\n\nThree AES-128-GCM keys are created per session:\n\n1. **Output key** -- encrypts terminal output before sending to the server\n2. **Input key** -- encrypts browser input before sending to the server\n3. **Bootstrap key** -- delivered via the [URL hash fragment](https://developer.mozilla.org/en-US/docs/Web/API/HTMLAnchorElement/hash) (never sent to the server), used to securely exchange keys #1 and #2\n\nKeys are rotated after 2^20 messages. IVs are monotonic counters to prevent reuse.\n\nThe browser must be in a [secure context](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts) (HTTPS or localhost).\n\n## Deployment\n\n### NGINX\n\n```nginx\nupstream termpair_app {\n server 127.0.0.1:8000;\n}\n\nserver {\n server_name myserver.com;\n listen 443 ssl;\n ssl_certificate fullchain.pem;\n ssl_certificate_key privkey.pem;\n\n location /termpair/ {\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header Host $host;\n proxy_pass http://termpair_app/;\n proxy_http_version 1.1;\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n }\n}\n```\n\n### systemd\n\n```ini\n# /etc/systemd/system/termpair.service\n[Unit]\nDescription=TermPair terminal sharing server\nAfter=network.target\n\n[Service]\nExecStart=/usr/local/bin/termpair serve --port 8000\nRestart=on-failure\nRestartSec=1s\n\n[Install]\nWantedBy=multi-user.target\n```\n\n```\nsudo systemctl daemon-reload\nsudo systemctl enable termpair.service\nsudo systemctl restart termpair\n```\n\n### TLS\n\nGenerate a self-signed certificate:\n\n```\nopenssl req -newkey rsa:2048 -nodes -keyout host.key -x509 -days 365 -out host.crt -batch\n```\n\nThen pass it to the server:\n\n```\ntermpair serve --certfile host.crt --keyfile host.key\n```\n\n## CLI Reference\n\n```\n$ termpair serve [OPTIONS]\n -p, --port \u003cPORT\u003e port to listen on [default: 8000]\n --host \u003cHOST\u003e host to bind to [default: localhost]\n -c, --certfile \u003cCERTFILE\u003e path to SSL certificate for HTTPS\n -k, --keyfile \u003cKEYFILE\u003e path to SSL private key for HTTPS\n\n$ termpair share [OPTIONS]\n --cmd \u003cCMD\u003e command to run [default: $SHELL]\n -p, --port \u003cPORT\u003e server port [default: 443]\n --host \u003cHOST\u003e server URL [default: https://chadsmith.dev/termpair]\n -r, --read-only prevent browsers from typing\n -b, --open-browser open the share link in a browser\n --public public session (no encryption, read-only)\n```\n\n## See Also\n\n**[sharemyclaude](https://github.com/cs01/sharemyclaude)** -- share your Claude Code session with a browser. Built on termpair, with a public relay server so you can share instantly without self-hosting.\n","funding_links":[],"categories":["Projects","TypeScript","Rust"],"sub_categories":["Open Source Projects"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcs01%2Ftermpair","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcs01%2Ftermpair","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcs01%2Ftermpair/lists"}