mimblewimble/grin

Limit exposure to dependencies weaknesses

Open

#2,026 opened on Nov 27, 2018

View on GitHub
 (5 comments) (1 reaction) (0 assignees)Rust (991 forks)batch import
good first issuehelp wantedtask

Repository metrics

Stars
 (4,876 stars)
PR merge metrics
 (Avg merge 6d 11h) (25 merged PRs in 30d)

Description

I think we've all had this in mind for quite a while but this was a direct reminder (widely used npm package with newly injected malicious code):

https://github.com/dominictarr/event-stream/issues/116

I don't think we should worry about auditing every single of our dependencies and Rust does a good job at protecting us from some of these attacks. At this stage I'm also not too worried about crates.io getting hacked. But I do think we should at least make sure every single of our dependency is pinned to a specific version.

Contributor guide