GNU bug report logs - #47500
Hello, I would like to use the Dark Reader extension with IceCat

Previous Next

Package: gnuzilla;

Reported by: Fafa Kitten <tacokoneko <at> gmail.com>

Date: Tue, 30 Mar 2021 14:47:02 UTC

Severity: normal

Full log

View this message in rfc822 format

From: Mark H Weaver <mhw <at> netris.org>
To: bill-auger <bill-auger <at> peers.community>, 47500 <at> debbugs.gnu.org
Subject: bug#47500: Hello, I would like to use the Dark Reader extension with IceCat
Date: Wed, 31 Mar 2021 03:00:22 -0400

Mark H Weaver <mhw <at> netris.org> writes:
> I'm uneasy about the size of its package-lock.json file:
>
>   https://github.com/darkreader/darkreader/blob/v4.9.29/package-lock.json
>
> It contains *1074* unique URLs to libraries at registry.npmjs.org.
[...]
> I'm uncomfortable with putting our trust into so many libraries on
> npmjs.org, but I welcome other opinions.

Also: of those 1074 dependencies, 272 of them rely on SHA-1 for
integrity protection of the downloaded packages.

       Mark
This bug report was last modified 4 years and 73 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.