Comments (4)
Alternative solution: update dependencies of @scure/bip32, ed25519-keygen, micro-*-signer more often.
yeah that sounds better
GitHub still doesn't allow me to update ed25519-keygen though
from noble-curves.
That was done on purpose. My aim is to have much higher supply chain security than most other packages on NPM. This means that if you depend on [email protected], if my NPM account is hacked, you won't be affected by it.
So, this won't be changed.
This also forces me to make releases less often. I don't want to release 1.3.0 and then 1.4.0 a few weeks later: there needs to be some time, because updating all dependents is tedious.
@paulmillr if your account is hacked then a modified patch version can be published. It will be matched by `~` and `^`.
So the solution doesn't resolve the security issue but increases bundle size (there are 3 versions of `@noble/curves` in my project).
Alternative solution: update dependencies of `@scure/bip32`, `ed25519-keygen`, `micro-*-signer` more often.
I'm looking forward to having deps updated and a new `ed25519-keygen` published.
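The trade-off argued in this thread (exact pins versus `~`/`^` ranges), as an added example that is not part of the original comments or the project's code: it reports which dependents would pick up a newly published patch release on a fresh install, and how many distinct copies end up installed. The dependent names and version numbers are constructed, and the matcher is a simplified version of npm's range rules (full `x.y.z` only, no prerelease tags).

```javascript
// Added example: simplified npm-style matching for exact, ~ and ^ specs.
// Assumes full x.y.z versions; no prerelease tags, x-ranges or compound ranges.
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Exclusive upper bound of a ~ or ^ spec, following npm semver rules.
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return `${maj}.${min + 1}.0`; // ~1.4.0 -> <1.5.0
  if (maj > 0) return `${maj + 1}.0.0`;         // ^1.3.0 -> <2.0.0
  if (min > 0) return `0.${min + 1}.0`;         // ^0.2.3 -> <0.3.0
  return `0.0.${pat + 1}`;                      // ^0.0.3 -> <0.0.4
}

function satisfies(version, spec) {
  const op = spec[0] === '^' || spec[0] === '~' ? spec[0] : '';
  const base = spec.slice(op.length);
  if (!op) return cmp(version, base) === 0;     // exact pin: one version only
  return cmp(version, base) >= 0 && cmp(version, upperBound(op, parse(base))) < 0;
}

// Highest published version a spec accepts on a fresh install (no lockfile).
function resolve(spec, published) {
  const ok = published.filter((v) => satisfies(v, spec)).sort(cmp);
  return ok.length ? ok[ok.length - 1] : null;
}

// For each dependent: what it resolves to before and after newVersion appears.
function audit(dependents, published, newVersion) {
  return Object.entries(dependents).map(([name, spec]) => {
    const before = resolve(spec, published);
    const after = resolve(spec, [...published, newVersion]);
    return { name, spec, before, after, floats: before !== after };
  });
}

// Constructed data: hypothetical dependents of one library.
const published = ['1.3.0', '1.4.0'];
const dependents = { 'dep-a': '1.3.0', 'dep-b': '1.4.0', 'dep-c': '~1.4.0', 'dep-d': '^1.3.0' };
const report = audit(dependents, published, '1.4.1');
const copies = (rows) => new Set(rows.map((r) => r.after)).size;
console.table(report);
console.log('distinct copies installed:', copies(report));
```

A lockfile in the consuming project freezes whatever `resolve` picked at install time, so the `floats` column describes fresh installs and lockfile regeneration.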