Open richardrauser opened 2 days ago
Follow the OnchainKit Getting Started guide: https://onchainkit.xyz/getting-started
This necessitates exposing a Coinbase API key in a client component, meaning any users of the web app implementing OnchainKit can access the key.
GitGuardian reports this as a critical security vulnerability.
OnchainKit does not require an API key to be exposed to end users.
0.23.4
It also does not appear to be possible to revoke or rotate this API key.
Describe the bug and the steps to reproduce it
Follow the OnchainKit Getting Started guide: https://onchainkit.xyz/getting-started
This necessitates exposing a Coinbase API key in a client component, meaning any users of the web app implementing OnchainKit can access the key.
GitGuardian reports this as a critical security vulnerability.
What's the expected behavior?
OnchainKit does not require an API key to be exposed to end users.
What version of the libraries are you using?
0.23.4