Further improve security of the frontend code by looking into these two things:
- Minimizing the secrets exposed to our CI workflow. We are lucky in that we don't publish any npm packages, nor do we release build artifacts that third parties consume as-is. However, we should check which credentials GitHub Actions exposes by default: every job gets the automatic `GITHUB_TOKEN`, and if the repository's default token permissions are read/write, an attacker who exfiltrates it (e.g. from a dependency's install script) could push to the repo. The workflow should request the minimum `permissions:` it needs and avoid leaving the token in the checkout.
- Look into the minimum package age feature of pnpm (`minimumReleaseAge`) mentioned by Coinspect. It delays resolving a newly published version for a configurable time, so a hijacked release has a window to be noticed and unpublished before we pull it in.
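As an added example (not our current workflow), a CI workflow that restricts the automatic token to read-only access and keeps it out of the checked-out repository. The job name, branch and Node version are assumptions; the `--ignore-scripts` flag will need to be dropped if a dependency genuinely needs its postinstall step.

```yaml
# .github/workflows/ci.yml (added example, not the project's own workflow)
name: frontend-ci

on:
  push:
    branches: [main]
  pull_request:

# Workflow-level default: GITHUB_TOKEN can only read repository contents.
# Without this block the token inherits the repository/organization default,
# which on older repositories is read/write, i.e. enough to push to the repo.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not store GITHUB_TOKEN in .git/config, where later steps
          # (including dependency lifecycle scripts) could read it back.
          persist-credentials: false

      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: pnpm

      # --frozen-lockfile fails instead of silently resolving new versions;
      # --ignore-scripts stops dependency install scripts from running at all.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      - run: pnpm build
      - run: pnpm test
```

No repository secrets are passed in via `env:` or `with:`, so the only credential in the job is the read-only token. Jobs that do need write access (e.g. a deploy job) should request it with their own job-level `permissions:` block rather than widening the workflow default. For stronger pinning, the action references can be replaced by full commit SHAs.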
See also post by Coinspect: https://www.coinspect.com/blog/dapp-supply-chain-attack/
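Added example of the pnpm setting referred to above (not from Coinspect or our repo); it assumes pnpm 10.16 or later, where the option lives in `pnpm-workspace.yaml`, and the 24-hour value is our own choice:

```yaml
# pnpm-workspace.yaml (added example; the value is an assumption, not a recommendation from Coinspect)
# Do not resolve any version published less than 1440 minutes (24 h) ago.
# Only affects resolution (adding or updating a dependency); versions already
# pinned in pnpm-lock.yaml are installed as before.
minimumReleaseAge: 1440
# Packages that may skip the delay, if we ever need exceptions:
# minimumReleaseAgeExclude:
#   - "@ourorg/*"
```

The delay is only useful together with a committed lockfile and `--frozen-lockfile` in CI; otherwise a fresh install on a developer machine can still pull a version that was published minutes ago.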