View Issue Details

IDProjectCategoryView StatusLast Update
0006977Talerwallet-corepublic2023-12-22 14:21
ReporterFlorian Dold Assigned ToFlorian Dold  
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status assignedResolutionopen 
Target Versionpost-1.0 
Summary0006977: make wallet-core more resistant against node supply chain attacks
DescriptionThe core wallet packages already have very few run-time dependencies.

However, the build process pulls in a huge number of packages.

We should restructure the build process so that it can also use ambient versions of the various executables instead of the ones shipped via NPM.
TagsNo tags attached.

Activities

Florian Dold

2021-08-04 17:55

manager   ~0018065

Might be a good idea to switch to https://github.com/evanw/esbuild to replace rollup and TypeScript.

Almost all of our run-time dependencies should be vendored.

Issue History

Date Modified Username Field Change
2021-08-04 17:47 Florian Dold New Issue
2021-08-04 17:47 Florian Dold Status new => assigned
2021-08-04 17:47 Florian Dold Assigned To => Florian Dold
2021-08-04 17:55 Florian Dold Note Added: 0018065
2022-10-20 12:04 Christian Grothoff Severity minor => feature
2023-02-20 00:42 Florian Dold Target Version => 1.0
2023-04-13 20:36 Florian Dold Category wallet (TS core) => wallet-core
2023-12-22 14:21 Christian Grothoff Target Version 1.0 => post-1.0