Braydon Fuller on Nostr: I remember working on bitcoin libraries for multisig hardware wallets and thinking to ...
I remember working on bitcoin libraries for multisig hardware wallets and thinking to myself, all that security is kinda moot when all it takes is *one* dependency from NPM to be compromised and every one of the signers, using identical software, signs the wrong thing. We ended up with zero third-party libraries and we checked the signatures of every package, with Git, when updating. Stay frosty.
Published at 2025-02-22 23:08:09
Event JSON
{
"id": "edf4fdaf6fa7d2c5cd2396499a0d2328968f77dd73ad3dbcded720779a2b137f",
"pubkey": "1bf9f239dca1636149bc2f3fc334077ae959ea9607cacf945ef8f8bb227dc5e1",
"created_at": 1740265689,
"kind": 1,
"tags": [],
"content": "I remember working on bitcoin libraries for multisig hardware wallets and thinking to myself, all that security is kinda moot when all it takes is *one* dependency from NPM to be compromised and every one of the signers, using identical software, signs the wrong thing. We ended up with zero third-party libraries and we checked the signatures of every package, with Git, when updating. Stay frosty.",
"sig": "f4dd84a0af39b913adcb6bee3549e95a3eece3b8e21bbbc402d142df977b1b61a6f564f147913fe8b0d7fa1e905a7cf88753465face72dbfd09e74109bfa2806"
}