mimblewimble/grin

Limit exposure to dependencies weaknesses

Open

#2.026 geöffnet am 27. Nov. 2018

Auf GitHub ansehen
 (5 Kommentare) (1 Reaktion) (0 zugewiesene Personen)Rust (991 Forks)batch import
good first issuehelp wantedtask

Repository-Metriken

Stars
 (4.876 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 6T 11h) (25 gemergte PRs in 30 T)

Beschreibung

I think we've all had this in mind for quite a while but this was a direct reminder (widely used npm package with newly injected malicious code):

https://github.com/dominictarr/event-stream/issues/116

I don't think we should worry about auditing every single of our dependencies and Rust does a good job at protecting us from some of these attacks. At this stage I'm also not too worried about crates.io getting hacked. But I do think we should at least make sure every single of our dependency is pinned to a specific version.

Contributor Guide