Closed D2Phoenix closed 2 years ago
Wow! Cool work!
Thank you, I see a lot of work done!
We deliberately use plain js and do not use frameworks in web applications where there is direct access to the user's private keys.
We also try to use the minimum number of dependencies, and consciously include them as static files and not as npm packages.
We understand that this may not be fashionable.
We try to minimize the number of potential vulnerabilities, taking into account the design of npm modules with an infinite number of unknown sub-dependencies and the errors and vulnerabilities that periodically arise because of this.
For security reasons, we are also thinking about removing the build and minification.
I will clarify that this level of paranoia is only in relation to the code that has access to private keys. For example, a dapp that interacts with an extension can use react and redux.
The division of the application into 3 isolated areas is due to the requirements of the Chrome Extension architecture. But you seem to have figured it out without my clarification.
Despite the fact that this PR cannot be accepted into a standard TON wallet, I ask you to publish it as a separate product; it will probably be useful to many developers.
Thanks for the feedback. For future reference, the code was published at: react-ton-wallet
Not sure if you are interested in migrating the TON wallet to a react + redux stack, but in case of interest - this PR is a one-to-one migration from the existing codebase. Only the background script behaviour was changed. Direct manipulation of the shared redux store (the store is created in the background and the app obtains it by reference) was implemented instead of communication with the popup by port.