LavaMoat
metamask-extension
LavaMoat | metamask-extension
---|---
16 | 1,137
815 | 11,480
1.6% | 1.0%
9.8 | 10.0
6 days ago | about 4 hours ago
JavaScript | JavaScript
MIT License | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
LavaMoat
- Ledger's NPM account has been hacked
Just yesterday I watched a talk [0] at WarsawJS about LavaMoat [1], a set of tools to protect against malicious behaviour from npm dependencies. Guess it’s time to look into it deeper.
[0]: https://naugtur.pl/pres3/lava/2023end.html
[1]: https://github.com/LavaMoat/LavaMoat
- Dozens of malicious PyPI packages discovered targeting developers
You are basically talking about Lavamoat. It provides tooling and policies for SES, which aims to make it into standards.
https://github.com/LavaMoat/LavaMoat
- Supply chain security - prevent, not avoid
Enter: lavamoat. https://github.com/LavaMoat/LavaMoat
- LavaMoat: Tools for sandboxing your dependency graph
- Deno.js in Production. Key Takeaways.
You should check out Lavamoat: https://github.com/LavaMoat/LavaMoat
It attempts to do what you're essentially describing. It was built by the MetaMask team, where supply chain attacks are an obviously huge risk.
I've spent some time trying to get it working in an app, but haven't been able to get it all the way working. It's still pretty beta and not well documented.
- Node.js packages don't deserve your trust
- How to respond to growing supply chain security risks?
And it is happening right now. GitHub is opening the GitHub Advisory Database to community submissions. Awesome community NodeSecure builds cool things like scanner and js-x-ray. There are also lockfile-lint, LavaMoat, Jfrog-npm-tools (and I am sure there are more).
- On node-ipc and the importance of trusting trust
- NPM package compromised by author: erases files on RU / BY computers on install
There is a proposal to add OCAPs on a language level in TC39[0]. There is already a drop-in implementation which already works in both Nodejs and browsers[1].
As a developer who wants to sandbox your own (recursive) dependencies, this is made accessible today in Lavamoat[2]. Basically a package or app can provide a policy manifest specifying which capabilities (e.g. network or filesystem access) should be granted for each dependency. Also comes with a tool that will auto-generate a starting point from your existing dependency tree.
IMO this is the future. Currently it does come with a performance penalty but hopefully this idea will catch on and make it into runtime implementations.
Lavamoat is still marked as "preprod" on npm but talking to the author it's a matter of days or weeks until the first stable release.
[0]: https://news.ycombinator.com/item?id=30703817
[1]: https://github.com/endojs/endo/tree/master/packages/ses
[2]: https://github.com/LavaMoat/LavaMoat
- Node runtime that sandboxes all NPM dependencies by default
metamask-extension
- How to Register a Smart Contract to Mode SFS with Hardhat.
Have an Ethereum wallet, preferably Metamask installed.
- Assign a smart contract to an existing SFS NFT with Thirdweb deployment
A Metamask Account.
- I turned my open-source project into a full-time business
Plenty of projects are source-available, but not open source, and get tons of issues, and even contributions (https://github.com/MetaMask/metamask-extension off the top of my head)
- ¡Entiende las Attestations! Guía definitiva📚
- Understand Attestations! Ultimate Guide📚
You can create an attestation based on an existing schema or create your own. Schemas define the format in which attestations will be made, and in this case, we will use the Is Human schema to attest that the owner of a certain address is human. For this example, you only need to connect your Metamask wallet (or any wallet) to Scroll Sepolia, then enter the address you want to attest and click Make attestation. You can choose whether you want the off-chain attestation, i.e., free, obtained only by signing a transaction. Alternatively, you can choose to make it on-chain and pay for the transaction to make it public and connect it to smart contract logic. In this case, you will need to obtain funds in Scroll Sepolia through a Scroll Sepolia Faucet.
- Esta fórmula mueve billones 💰 en DeFi
- Projects to contribute to
Metamask (9000 GitHub Stars) https://github.com/MetaMask/metamask-extension
- Fe or Solidity, which is better?
For this tutorial you will need Metamask or other wallet of your choice, with Scroll Sepolia funds that you can get from a Sepolia faucet and then bridge them to L2 using the Scroll Sepolia bridge. Alternatively, you can use a Scroll Sepolia Faucet to get funds directly on L2.
- Sovereign Mode: Access Your Wallet Using Safe.global web app
16) Open Metamask app. In this instruction we will use Metamask extension for Chrome browser.
- Why Bother with uBlock Being Blocked in Chrome? Time to Switch to Firefox
> I get a 3-5 sec lag on launch [0] as it prepares the browser to block ads.
uBO is typically ready in a fraction of a second, so "3-5 sec" is not normal. In Firefox all extensions sit in the same process, so it's possible another extension is preventing uBO from being ready in a timely manner; this has happened[1].
[1] https://github.com/MetaMask/metamask-extension/issues/13163
What are some alternatives?
create-vue - 🛠️ The recommended way to start a Vite-powered Vue project
Selenium WebDriver - A browser automation framework and ecosystem.
vue-cli - 🛠️ webpack-based tooling for Vue.js Development
rainbow - 🌈‒ the Ethereum wallet that lives in your pocket
cli - the package manager for JavaScript
eth-gasnow-extention - GasNow extension for browser
handlebars-helpers - 188 handlebars helpers in ~20 categories. Can be used with Assemble, Ghost, YUI, express.js etc.
hicetnunc - hicetnunc UI/UX
EventSource - a polyfill for http://www.w3.org/TR/eventsource/
opensea-js - TypeScript SDK for the OpenSea marketplace
proposal-shadowrealm - ECMAScript Proposal, specs, and reference implementation for Realms
cardano-node - The core component that is used to participate in a Cardano decentralised blockchain.