Comments (4)
paulmillr
commented on June 16, 2024
1
Alternative solution: update dependencies of @scure/bip32, ed25519-keygen, micro-*-signer more often.
yeah that sounds better
GitHub still doesn't allow me to update ed25519-keygen though
from noble-curves.
paulmillr
commented on June 16, 2024
That was done on purpose. My aim is to have much higher supply chain security than most other packages on NPM. This means that if you depend on [email protected], if my NPM account is hacked, you won't be affected by it.
So, this won't be changed.
This also forces to make releases less often. I don't want to release 1.3.0 and then 1.4.0 a few weeks later: there needs to be some time, because updating all dependents is tedious.
from noble-curves.
mahnunchik
commented on June 16, 2024
@paulmillr if your account is hacked then modified patch version can be published. It will be matched by ~ and ^.
So the solution doesn't resolve security issue but increases bundle size (there are 3 versions of @noble/curves in my project).
Alternative solution: update dependencies of @scure/bip32, ed25519-keygen, micro-*-signer more often.
from noble-curves.
mahnunchik
commented on June 16, 2024
I'm looking forward to have deps updated and new ed25519-keygen published.
from noble-curves.
Related Issues (20)
- Negative scalar multiplication with curve point (ed25519, ristretto255) HOT 1
- `htfOpts` not exposed in type definitions HOT 4
- `git clone` fails in Windows
- Add bitcoin as a topic to this repository
- Fp2.eql HOT 1
- EdDSA: add validate-after-sign HOT 3
- Fp.fromBytes does not mod-reduce by default HOT 2
- What is the difference between getSharedSecret and ECDH_compute_key HOT 1
- Same private keys generate different signatures HOT 1
- P256 signature verification was succeed with 2 public key. HOT 3
- Secure Curves in the Javascript Web Cryptography API - secp256k1, X25519, X448, Ed25519, Ed448 HOT 6
- Wrong signature is generated HOT 8
- seeded (instead of random) ed25519 private key generation? HOT 1
- x25519 encrypt/decrypt? HOT 1
- Signature::fromHex wrong in 1.3.0 HOT 4
- Default bls12_381 is incompatible with Ethereum beacon chain HOT 8
- Incompatibility with old bls12-381 library: not in prime-order subgroup HOT 3
- H2CPoint to ProjectivePoint HOT 2
- Montgomery sample code doesn't compile. (PR submitted) HOT 1
- G2 Curve Points for `bn254.sign()` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from noble-curves.