Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Improvement] Allow self-distribution of Connect #1369

Closed
artursapek opened this issue Dec 19, 2023 · 1 comment
Closed

[Improvement] Allow self-distribution of Connect #1369

artursapek opened this issue Dec 19, 2023 · 1 comment
Labels
enhancement New feature or request

Comments

@artursapek
Copy link
Collaborator

Today, the only official way of integrating Connect into an application requires it be downloaded from the unpkg.com CDN. This kind of centralization is bad for multiple reasons:

  • unpkg.com infrastructure is a single point of failure
  • everyone using Wormhole Connect is exposed to supply chain attacks on our NPM package. Such an attack happened to Ledger literally last week.

Given Connect's role as a wallet aggregator, it's especially attractive as an attack target. Developers should be able to host their own copies of Connect and not rely on the unpkg.com CDN.

Open questions:

  • What is the ideal way to let people bundle Connect into their own applications?
  • How do we deal with the fact that the current NPM package is published from wormhole-connect-loader, yet the actual source code lives inside wormhole-connect?
@artursapek artursapek added bug Something isn't working integration-support An issue reported by an integrator enhancement New feature or request security and removed bug Something isn't working integration-support An issue reported by an integrator labels Dec 19, 2023
@aadam-10 aadam-10 removed the security label Feb 1, 2024
@aadam-10
Copy link
Contributor

covered in #1715

@aadam-10 aadam-10 closed this as not planned Won't fix, can't repro, duplicate, stale Mar 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@artursapek @aadam-10