mimblewimble/grin

Limit exposure to dependencies weaknesses

Open

#2 026 ouverte le 27 nov. 2018

Voir sur GitHub
 (5 commentaires) (1 réaction) (0 assignés)Rust (991 forks)batch import
good first issuehelp wantedtask

Métriques du dépôt

Stars
 (4 876 stars)
Métriques de merge PR
 (Merge moyen 6j 11h) (25 PRs mergées en 30 j)

Description

I think we've all had this in mind for quite a while but this was a direct reminder (widely used npm package with newly injected malicious code):

https://github.com/dominictarr/event-stream/issues/116

I don't think we should worry about auditing every single of our dependencies and Rust does a good job at protecting us from some of these attacks. At this stage I'm also not too worried about crates.io getting hacked. But I do think we should at least make sure every single of our dependency is pinned to a specific version.

Guide contributeur