mimblewimble/grin

Limit exposure to dependencies weaknesses

Open

#2026 aperta il 27 nov 2018

Vedi su GitHub
 (5 commenti) (1 reazione) (0 assegnatari)Rust (991 fork)batch import
good first issuehelp wantedtask

Metriche repository

Star
 (4876 star)
Metriche merge PR
 (Merge medio 6g 11h) (25 PR mergiate in 30 g)

Descrizione

I think we've all had this in mind for quite a while but this was a direct reminder (widely used npm package with newly injected malicious code):

https://github.com/dominictarr/event-stream/issues/116

I don't think we should worry about auditing every single of our dependencies and Rust does a good job at protecting us from some of these attacks. At this stage I'm also not too worried about crates.io getting hacked. But I do think we should at least make sure every single of our dependency is pinned to a specific version.

Guida contributor