View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005319||Taler||wallet (WebExtensions)||public||2018-04-09 02:37||2018-11-18 00:52|
|Reporter||Florian Dold||Assigned To||Florian Dold|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||0.8||Fixed in Version|
|Summary||0005319: compilation of wallet pulls in a ridiculous number of dependencies|
|Description||While the *runtime* dependencies of the wallet are relatively small, the compile time dependencies are numerous, due to the way that the JS ecosystem works (multiple compilers for transpilation, multiple build tools required, tiniest / single function packages).|
The node_modules of the wallet thus contains 738 (!!!) dependencies right now, we should eventually aim to lower that number (possibly by switching out some of the biggest offending tools that we use), so that the wallet becomes more auditable.
Essentially every single of these dependencies has the potential to contain some malicious code, even it it is not at runtime it might (maliciously) mess up compilation.
|Tags||No tags attached.|