Did a PR to gnosis safe UI to add missing SRI protection

https://github.com/safe-global/safe-wallet-monorepo/pull/5186/files

For those not in loop SRI tells the browser to not load javascript files that don't match an integrity hash

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

 All bundlers support this with plugins

I'll be committing these sri hashes onchain

NPM packages, Python packages, GitHub releases, Linux packages, etc. should all have onchain hashes. Disappointed no one has built this yet.

NPM packages do have that, it's called provenance

https://github.blog/security/supply-chain-security/introducing-npm-package-provenance

GitHub releases have signed commits.

Linux packages have checksums.

Contributor @ /walletbeat.

Censorship resistance requires privacy.

building Stauro ❇ frontend dev at @ensdomains ❇
prev. @rainbow, @geniexyz, @fleek

None of these have all the security properties that putting them on a public blockchain would... Last I checked, Sigstore and TUF get close to it, but don't have nearly the same level of censorship resistance as Ethereum does, which means an attacker can hold back package updates.

NPM packages do have that, it's called provenance

https://github.blog/security/supply-chain-security/introducing-npm-package-provenance

GitHub releases have signed commits.

Linux packages have checksums.

https://donatoroque.wordpress.com/2017/07/15/use-pacutils-paccheck-verify-package-integrity-in-arch/