Remove all dependencies, improve security #289
Comments
I fully second what @paulmillr just suggested. Except that I would also suggest to remove

I was wondering how long it was going to take for someone to notice brorand.
elliptic/package.json
Lines 47 to 55 in 43ac7f2
I suggest to switch to developed and audited projects:

- bn.js can be dropped, in favor of native bigints, which have been supported everywhere for a long time
- brorand can be dropped in favor of a simple 5-lines-of-code file
- hash.js can be replaced by @noble/hashes, which has been independently audited, and supports tree shaking
- hmac-drbg and secp256k1 implementation can be replaced by @noble/secp256k1, which has been independently audited, uses native bigints, and is getting more and more popular. There is also an optional compatibility layer with old api
- inherits does not seem that useful at this point, since the intro of es6 classes
- minimalistic-assert, minimalistic-crypto-utils can be kept, I suggest to set their versions to a fixed value instead of range