mimblewimble/grin

Limit exposure to dependencies weaknesses

Open

#2.026 aberto em 27 de nov. de 2018

Ver no GitHub
 (5 comments) (1 reaction) (0 assignees)Rust (991 forks)batch import
good first issuehelp wantedtask

Métricas do repositório

Stars
 (4.876 stars)
Métricas de merge de PR
 (Mesclagem média 6d 11h) (25 fundiu PRs em 30d)

Description

I think we've all had this in mind for quite a while but this was a direct reminder (widely used npm package with newly injected malicious code):

https://github.com/dominictarr/event-stream/issues/116

I don't think we should worry about auditing every single of our dependencies and Rust does a good job at protecting us from some of these attacks. At this stage I'm also not too worried about crates.io getting hacked. But I do think we should at least make sure every single of our dependency is pinned to a specific version.

Guia do colaborador