https://github.com/notwindstone/noctis

[wip] spotify api, youtube music api, yandex music api, soundcloud api
https://github.com/notwindstone/noctis

Last synced: 10 months ago
JSON representation

[wip] spotify api, youtube music api, yandex music api, soundcloud api

• Host: GitHub
• URL: https://github.com/notwindstone/noctis
• Owner: notwindstone
• Created: 2024-06-20T16:01:47.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2025-07-05T15:30:34.000Z (12 months ago)
• Last Synced: 2025-07-05T16:39:49.311Z (12 months ago)
• Language: TypeScript
• Homepage:
• Size: 1.06 MB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
local-first app based on the webview

## tech stack

### desktop

- Wails

- TypeScript

- Svelte 5

- UnoCSS with presetWind3

- TypeBox

- https://github.com/kitschpatrol/svelte-tweakpane-ui

### mobile

Probably Jetpack Compose with the Kotlin, but... do we really need it? There is plenty of options there, maybe we can either fork some app or abandon an idea for making a mobile app

## plan

### yt-dlp

Add a way to download music from the YouTube

**Current implementation idea:** tbd

**Results:** tbd

### music formats and conversion

Try to support as many file formats as possible, like FLAC, WAV, M4A, MP3, etc.

Also implement a functionality to convert music formats locally

**Current implementation idea:** tbd

**Results:** tbd

### extensions

JS code can be dynamically fetched from somewhere and then executed with the `new Function(JS_CODE_AS_STRING)`. That is a key idea for implementing user plugin system. Plugins can communicate with the host app and each other through `window.postMessage`, and the variables can be shared using the `window` object. JS code can also handle applying CSS styles, adding DOM nodes, etc. Any fully CSR JS framework will work perfectly.

The biggest concern here is the security. Even if the `new Function` can't access local variables and runs in a different scope (unlike `eval`), it still has a lot (and I mean really a lot) of other security issues. Executing an unknown code (especially with the access to the filesystem) is a **horrible** thing

Unfortunately, if VSCode, Obsidian, Vencord and other apps can't implement a secure user plugin system, I won't be able to do it too. It's either functionality or security, not both

**Current implementation idea:** An extension repository that hosts moderated plugin versions. Moderation will require only a source code and, if differs from usual, build manual. Plugins will run only once on application load, without blocking the main thread

**Results:** custom elements, insane UI customization, etc.

## design

tbd

## testing

- vitest

- playwright