Insecure dependencies are used: Switch to newer, audited dependencies #742

Open
paulmillr opened this issue Feb 16, 2023 · 3 comments
Labels
new-bug Bug report that needs triage Team Lamprey

Comments

@paulmillr

  • js-sha256, js-sha3, js-sha512 - can be replaced with noble-hashes, which were audited and developed with a grant from Ethereum Foundation
  • tweetnacl - can be replaced with noble-curves which uses noble-hashes
  • hi-base32 - can be replaced with audited scure-base

All of the packages are as minimal as possible, support esm, source maps, typescript, etc.

@paulmillr paulmillr added the new-bug Bug report that needs triage label Feb 16, 2023
@jasonpaulos
Member

@paulmillr you are the author of these libraries? I see that noble-hashes and scure-base have been audited, but noble-curves has not?

@paulmillr
Author

@jasonpaulos yeah. I am hoping to publish the curves audit soon as well.

@paulmillr
Author

curves have been audited, so all good for now

@paulmillr paulmillr changed the title Switch to newer, audited dependencies Insecure dependencies are used: Switch to newer, audited dependencies May 8, 2023
@paulmillr paulmillr mentioned this issue Sep 24, 2023