View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006977 | Taler | wallet-core | public | 2021-08-04 17:47 | 2025-04-18 00:10 |
| Reporter | Florian Dold | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | have not tried |
| Status | confirmed | Resolution | open | ||
| Target Version | post-1.0 | ||||
| Summary | 0006977: make wallet-core more resistant against node supply chain attacks | ||||
| Description | The core wallet packages already have very few run-time dependencies. However, the build process pulls in a huge number of packages. We should restructure the build process so that it can also use ambient versions of the various executables instead of the ones shipped via NPM. | ||||
| Tags | security | ||||
|
|
Might be a good idea to switch to https://github.com/evanw/esbuild to replace rollup and TypeScript. Almost all of our run-time dependencies should be vendored. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-08-04 17:47 | Florian Dold | New Issue | |
| 2021-08-04 17:47 | Florian Dold | Status | new => assigned |
| 2021-08-04 17:47 | Florian Dold | Assigned To | => Florian Dold |
| 2021-08-04 17:55 | Florian Dold | Note Added: 0018065 | |
| 2022-10-20 12:04 | Christian Grothoff | Severity | minor => feature |
| 2023-02-20 00:42 | Florian Dold | Target Version | => 1.0 |
| 2023-04-13 20:36 | Florian Dold | Category | wallet (TS core) => wallet-core |
| 2023-12-22 14:21 | Christian Grothoff | Target Version | 1.0 => post-1.0 |
| 2025-04-18 00:10 | Christian Grothoff | Tag Attached: security | |
| 2025-04-18 00:10 | Christian Grothoff | Assigned To | Florian Dold => |
| 2025-04-18 00:10 | Christian Grothoff | Status | assigned => confirmed |
