metamask-extension
LavaMoat
Our great sponsors
metamask-extension | LavaMoat | |
---|---|---|
1,137 | 16 | |
11,467 | 815 | |
2.2% | 3.2% | |
10.0 | 9.8 | |
3 days ago | 2 days ago | |
JavaScript | JavaScript | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
metamask-extension
-
How to Register a Smart Contract to Mode SFS with Hardhat.
Have an Ethereum wallet, preferably Metamask installed.
-
Assign a smart contract to an existing SFS NFT with Thirdweb deployment
A Metamask Account.
-
I turned my open-source project into a full-time business
Plenty of projects are source-available, but not open source, and get tons of issues, and even contributions (https://github.com/MetaMask/metamask-extension off the top of my head)
- ¡Entiende las Attestations! Guía definitiva📚
-
Understand Attestations! Ultimate Guide📚
You can create an attestation based on an existing schema or create your own. Schemas define the format in which attestations will be made, and in this case, we will use the Is Human schema to attest that the owner of a certain address is human. For this example, you only need to connect your Metamask wallet (or any wallet) to Scroll Sepolia, then enter the address you want to attest and click Make attestation. You can choose whether you want the off-chain attestation, i.e., free, obtained only by signing a transaction. Alternatively, you can choose to make it on-chain and pay for the transaction to make it public and connect it to smart contract logic. In this case, you will need to obtain funds in Scroll Sepolia through a Scroll Sepolia Faucet.
- Esta fórmula mueve billones 💰 en DeFi
-
Projects to contribute to
Metamask (9000 GitHub Stars) https://github.com/MetaMask/metamask-extension
-
Fe or Solidity, which is better?
For this tutorial you will need Metamask or other wallet of your choice, with Scroll Sepolia funds that you can get from a Sepolia faucet and then bridge them to L2 using the Scroll Sepolia bridge. Alternatively, you can use a Scroll Sepolia Faucet to get funds directly on L2.
-
Sovereign Mode: Access Your Wallet Using Safe.global web app
16) Open Metamask app. In this instruction we will use Metamask extension for Chrome browser.
-
Why Bother with uBlock Being Blocked in Chrome? Time to Switch to Firefox
> I get a 3-5 sec lag on launch [0] as it prepares the browser to block ads.
uBO is typically ready in a fraction of second, so "3-5 sec" is not normal. In Firefox all extensions sit in the same process, so it's possible another extension is preventing uBO to be ready in a timely manner, this has happened[1].
[1] https://github.com/MetaMask/metamask-extension/issues/13163
LavaMoat
-
Ledger's NPM account has been hacked
Just yesterday I watched a talk [0] at WarsawJS about LavaMoat [1], a set of tools to protect against malicious behaviour from npm dependencies. Guess it’s time to look into it deeper.
[0]: https://naugtur.pl/pres3/lava/2023end.html
[1]: https://github.com/LavaMoat/LavaMoat
-
Dozens of malicious PyPI packages discovered targeting developers
You are basically talking about Lavamoat. It provides tooling and policies for SES, which aims to make it into standards.
https://github.com/LavaMoat/LavaMoat
-
Supply chain security - prevent, not avoid
Enter: lavamoat. https://github.com/LavaMoat/LavaMoat
- LavaMoat: Tools for sandboxing your dependency graph
-
Deno.js in Production. Key Takeaways.
You should check out Lavamoat: https://github.com/LavaMoat/LavaMoat
It attempts to do what you're essentially describing. It was built by the MetaMask team, where supply chain attacks are an obviously huge risk.
I've spent some time trying to get it working in an app, but haven't been able to get it all the way working. It's still pretty beta and not well documented.
- Node.js packages don't deserve your trust
-
How to respond to growing supply chain security risks?
And it is happening right now. Github is opening the GitHub Advisory Database to community submissions. Awesome community NodeSecure builds cool things like scanner and js-x-ray. There are also lockfile-lint, LavaMoat, Jfrog-npm-tools (and I am sure there is more).
- On node-ipc and the importance of trusting trust
-
NPM package compromised by author: erases files on RU / BY computers on install
There is a proposal to add OCAPs on a language level in TC39[0]. There is already a drop-in implementation which already works in both Nodejs and browsers[1].
As a developer who wants to sandbox your own (recursive) dependencies, this is made accessible today in Lavamoat[2]. Basically a package or app can provide a policy manifest specifying which capabilities (e.g. network or filesystem access) should be granted for each dependency. Also comes with a tool that will auto-generate a starting point from your existing dependency tree.
IMO this is the future. Currently it does come with a performance penalty but hopefully this idea will catch on and make it into runtime implementations.
Lavamoat is still marked as "preprod" on npm but talking to the author it's a matter of days or weeks until the first stable release.
[0]: https://news.ycombinator.com/item?id=30703817
[1]: https://github.com/endojs/endo/tree/master/packages/ses
[2]: https://github.com/LavaMoat/LavaMoat
- Node runtime that sandboxes all NPM dependencies by default
What are some alternatives?
Selenium WebDriver - A browser automation framework and ecosystem.
create-vue - 🛠️ The recommended way to start a Vite-powered Vue project
rainbow - 🌈‒ the Ethereum wallet that lives in your pocket
vue-cli - 🛠️ webpack-based tooling for Vue.js Development
eth-gasnow-extention - GasNow extension for browser
cli - the package manager for JavaScript
hicetnunc - hicetnunc UI/UX
handlebars-helpers - 188 handlebars helpers in ~20 categories. Can be used with Assemble, Ghost, YUI, express.js etc.
opensea-js - TypeScript SDK for the OpenSea marketplace
EventSource - a polyfill for http://www.w3.org/TR/eventsource/
cardano-node - The core component that is used to participate in a Cardano decentralised blockchain.
proposal-shadowrealm - ECMAScript Proposal, specs, and reference implementation for Realms