[SEC-F12] Copied libraries

Open krpeacock opened this issue 3 years ago • 2 comments

Observation

The sha256, crc32 and hex libraries are copied into the repository.

Risk Description

If the libraries are copied, it is hard to keep them up to date. Also it is not clear if and how they are tested and where they come from.

Recommendations

Use these libraries as a dependency rather than copying them.

krpeacock, Feb 23 '22 18:02

Aviate Labs' package set would be sufficient for doing this? Specifically:

https://github.com/aviate-labs/crypto.mo
https://github.com/aviate-labs/io.mo
https://github.com/aviate-labs/hash.mo
https://github.com/aviate-labs/encoding.mo
https://github.com/aviate-labs/principal.mo

Contain many of the functions that could be used to refactor and simplify the necessary operations. Unless there's an official Dfinity package set somewhere?

atengberg, Dec 03 '22 21:12

Using the Aviate Labs libraries is good with me.

krpeacock, Dec 07 '22 00:12