View Issue Details

IDProjectCategoryView StatusLast Update
0005319Talerwallet (WebExtensions)public2018-11-18 00:52
ReporterFlorian DoldAssigned ToFlorian Dold 
PrioritynormalSeverityminorReproducibilityhave not tried
Status assignedResolutionopen 
Product Version 
Target Version0.8Fixed in Version 
Summary0005319: compilation of wallet pulls in a ridiculous number of dependencies
DescriptionWhile the *runtime* dependencies of the wallet are relatively small, the compile time dependencies are numerous, due to the way that the JS ecosystem works (multiple compilers for transpilation, multiple build tools required, tiniest / single function packages).

The node_modules of the wallet thus contains 738 (!!!) dependencies right now, we should eventually aim to lower that number (possibly by switching out some of the biggest offending tools that we use), so that the wallet becomes more auditable.

Essentially every single of these dependencies has the potential to contain some malicious code, even it it is not at runtime it might (maliciously) mess up compilation.
TagsNo tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-04-09 02:37 Florian Dold New Issue
2018-04-09 02:37 Florian Dold Status new => assigned
2018-04-09 02:37 Florian Dold Assigned To => Florian Dold
2018-11-18 00:52 Christian Grothoff Target Version => 0.8