search

crypto-com / defi-wallet-core-rs

Cross-platform, cross-blockchain wallet library in Rust for DeFi Wallet and other applications.
Other
48 stars 16 forks source link

Problem: deprecated JS dependencies with known vulnerabilities #371

Open tomtau opened 2 years ago

tomtau commented 2 years ago

"contracts" directory has tens of known vulnerabilities: https://github.com/crypto-com/defi-wallet-core-rs/tree/main/contracts as per npm audit

It seems this folder is just used for deployment of contracts in integration tests... if so, could it be done without this excessive dependency tree that contains many packages with known vulnerabilities? For example, just use dapp tools: https://github.com/dapphub/dapptools/tree/master/src/dapp#deployment

as used e.g. in cronos: https://github.com/crypto-org-chain/cronos/tree/f3691b3dd1554c422c05bcedea62da285f48c821/contracts ?

damoncro commented 2 years ago

OK, let me check... the dependencies is copied from cronos... But long time ago..

damoncro commented 2 years ago

Yup, we can simply change to dapp.