A place for developers to talk about building on Farcaster.

/dev

what do we all think about the /solana supply chain attack? https://paragraph.xyz/@bytebot.eth/the-solana-web3js-supply-chain-attack

There's no excuse to leave critical JS infrastructure this vulnerable to supply chain attacks, thanks to LavaMoat from @metamask.

Hasn't been for a few years, but if it takes a big hack to get you to think longer term, then I recommend you seize the opportunity:

There's no excuse to leave critical JS infrastructure this vulnerable to supply chain attacks, thanks to LavaMoat from @metamask.

Hasn't been for a few years, but if it takes a big hack to get you to think longer term, then I recommend you seize the opportunity:

https://github.com/LavaMoat/LavaMoat

co founder of @metamask . Making computers behave for us.

It reduces the risk posed by supply chain attacks to a significantly more tractable and often/likely endurable level. There's no free lunch, but you can limit the risk down to what you are trusting the external code to do (no more), provided the sandbox holds (a constantly improving target).

Can LavaMoat fully prevent supply chain attacks, or does it mainly reduce vulnerabilities?
@danfinlay