[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47500: Hello, I would like to use the Dark Reader extension with Ice
From: |
Mark H Weaver |
Subject: |
bug#47500: Hello, I would like to use the Dark Reader extension with IceCat |
Date: |
Wed, 31 Mar 2021 03:00:22 -0400 |
Mark H Weaver <mhw@netris.org> writes:
> I'm uneasy about the size of its package-lock.json file:
>
> https://github.com/darkreader/darkreader/blob/v4.9.29/package-lock.json
>
> It contains *1074* unique URLs to libraries at registry.npmjs.org.
[...]
> I'm uncomfortable with putting our trust into so many libraries on
> npmjs.org, but I welcome other opinions.
Also: of those 1074 dependencies, 272 of them rely on SHA-1 for
integrity protection of the downloaded packages.
Mark