Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add warning / Improve security around installing ethpm URIs #94

Open
njgheorghita opened this issue Feb 26, 2020 · 0 comments
Open

Add warning / Improve security around installing ethpm URIs #94

njgheorghita opened this issue Feb 26, 2020 · 0 comments

Comments

@njgheorghita
Copy link
Contributor

Only install packages from registries you trust is a major requirement of ethpm. You should always trust the owner of a registry before installing (or activating) a package.

It might be a good idea to implement some kind of loose confirmation when you want to install / activate a package....

> ethpm install ethpm://0x123abc/[email protected]
Installing a package from the registry @ 0x123abc.
The owner of this registry is: 0x456def.
Do you  trust this owner? Are you sure you want to install packages from their registry?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant