View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005319 | Taler | wallet (WebExtension) | public | 2018-04-09 02:37 | 2021-08-24 16:23 |
| Reporter | Florian Dold | Assigned To | Florian Dold | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | not fixable | ||
| Product Version | git (master) | ||||
| Target Version | 0.7.1 | Fixed in Version | 0.7.1 | ||
| Summary | 0005319: compilation of wallet pulls in a ridiculous number of dependencies | ||||
| Description | While the *runtime* dependencies of the wallet are relatively small, the compile time dependencies are numerous, due to the way that the JS ecosystem works (multiple compilers for transpilation, multiple build tools required, tiniest / single function packages). The node_modules of the wallet thus contains 738 (!!!) dependencies right now, we should eventually aim to lower that number (possibly by switching out some of the biggest offending tools that we use), so that the wallet becomes more auditable. Essentially every single of these dependencies has the potential to contain some malicious code, even it it is not at runtime it might (maliciously) mess up compilation. | ||||
| Tags | No tags attached. | ||||
|
|
After gathering some more experience with the JavaScript ecosystem, I can say that fixing this is not really feasible. Some dependencies of the wallet have been simplified though. Instead of using webpack (for the WebExtension), rollup (for Android) and gulp (with all its plugins), we now only use rollup. Other dependencies we use are not actively involved in compilation, such as eslint (linter), nyc/istanbul (coverage), ava (unit tests), and so on. We need these, and the way that the JS works is to pull these in as devDependencies for every project that needs them. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-04-09 02:37 | Florian Dold | New Issue | |
| 2018-04-09 02:37 | Florian Dold | Status | new => assigned |
| 2018-04-09 02:37 | Florian Dold | Assigned To | => Florian Dold |
| 2018-11-18 00:52 | Christian Grothoff | Target Version | => 0.8 |
| 2020-04-07 17:17 | Florian Dold | Status | assigned => resolved |
| 2020-04-07 17:17 | Florian Dold | Resolution | open => not fixable |
| 2020-04-07 17:17 | Florian Dold | Note Added: 0015556 | |
| 2020-04-11 18:53 | Christian Grothoff | Product Version | => git (master) |
| 2020-04-11 18:53 | Christian Grothoff | Fixed in Version | => 0.7.1 |
| 2020-04-11 18:53 | Christian Grothoff | Target Version | 0.8 => 0.7.1 |
| 2021-08-24 16:23 | Christian Grothoff | Status | resolved => closed |
| 2023-04-13 20:37 | Florian Dold | Category | wallet (WebExtensions) => wallet (WebExtension) |
