EthPM package management: Make sure dependencies don't try to access file they're not supposed to

trufflesuite / truffle

:warning: The Truffle Suite is being sunset. For information on ongoing support, migration options and FAQs, visit the Consensys blog. Thank you for all the support over the years.

https://consensys.io/blog/consensys-announces-the-sunset-of-truffle-and-ganache-and-new-hardhat?utm_source=github&utm_medium=referral&utm_campaign=2023_Sep_truffle-sunset-2023_announcement_

MIT License

14.02k stars 2.31k forks source link

EthPM package management: Make sure dependencies don't try to access file they're not supposed to #338

Closed tcoulter closed 2 years ago

tcoulter commented 7 years ago

i.e.,

{
  'sources': {
    './../../../etc/passwords`: 'ipfs://Qm....'
  }
}

:boom:

haltman-at commented 3 years ago

@eggplantzzz, @gnidan, do you know if if this is still an issue?

eggplantzzz commented 3 years ago

I don't know for sure but I would imagine that this is out of scope for us. It seems like you have to trust whatever packages you use.

cliffoo commented 2 years ago

Closing, see pr#5283.