2018-10-20 15:30 CEST

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0005319Talerwallet (WebExtensions)public2018-04-09 02:37
ReporterFlorian Dold 
Assigned ToFlorian Dold 
PrioritynormalSeverityminorReproducibilityhave not tried
Product Version 
Target VersionFixed in Version 
Summary0005319: compilation of wallet pulls in a ridiculous number of dependencies
DescriptionWhile the *runtime* dependencies of the wallet are relatively small, the compile time dependencies are numerous, due to the way that the JS ecosystem works (multiple compilers for transpilation, multiple build tools required, tiniest / single function packages).

The node_modules of the wallet thus contains 738 (!!!) dependencies right now, we should eventually aim to lower that number (possibly by switching out some of the biggest offending tools that we use), so that the wallet becomes more auditable.

Essentially every single of these dependencies has the potential to contain some malicious code, even it it is not at runtime it might (maliciously) mess up compilation.
TagsNo tags attached.
Attached Files

-Relationships Relation Graph ] Dependency Graph ]

There are no notes attached to this issue.

-Issue History
Date Modified Username Field Change
2018-04-09 02:37 Florian Dold New Issue
2018-04-09 02:37 Florian Dold Status new => assigned
2018-04-09 02:37 Florian Dold Assigned To => Florian Dold
+Issue History