
docs: add guide for working with JS packages securely (#4487)

* docs: add guide for working with JS packages securely
* remove scrap notes file
John Saigle 2 months ago
parent
commit
d81f78d0ba
2 changed files with 62 additions and 65 deletions
  1. CONTRIBUTING.md (+62, -0)
  2. algorand/test/NOTES (+0, -65)

+ 62 - 0
CONTRIBUTING.md

@@ -32,6 +32,68 @@ Documentation for the in-the-wild deployments lives in the
 
 See [DEVELOP.md](./DEVELOP.md) for more information on how to run the development environment.
 
+## Supply Chain Security
+
+### Core Principles
+- **Pin as much as possible**: Versions, hashes, and dependencies
+- **Minimize attack surface**: Fewer dependencies = fewer risks
+- **Verify integrity**: Use lockfiles and checksums
+
+### Working with Node dependencies
+Do not change the dependencies of the package.json by hand! 
+
+Instead:
+
+- When initially installing OR pulling what has been changed: `npm ci`. 
+If you do not do this, you may not get exactly what is specified in the file, inadvertently update dependencies, or even pull exploits down to your machine! **Never use `npm install` for this use case**.
+- When needing to add or update a package: `npm i <package>@<version>`. If you do not do this, you may inadvertently update other packages or fail to update the lock file.
+- When needing to remove a package: `npm r <package>`. If you do not do this, you may inadvertently update other packages or fail to update the lock file.
+
+Always commit your `package-lock.json`.
+
+Using specific versions improves security because package versions cannot be overwritten after they are released.
+
+#### Dockerfile workflow
+
+##### If installing a package locally
+
+- Copy in package.json and the lock file
+- Then run `npm ci`
+
+```dockerfile
+# NOTE: Dockerfile must be pinned too
+FROM node:18.19.0-alpine@sha256:12345...
+
+WORKDIR /app
+
+# Include package files
+COPY package.json package-lock.json ./
+
+# Use npm ci so that packages are not upgraded
+RUN npm ci
+
+...
+```
+
+##### If installing a package globally
+
+- Use `npm i <package>@<version>`
+
+```dockerfile
+# NOTE: Dockerfile must be pinned too
+FROM node:18.19.0-alpine@sha256:12345...
+
+# Pin global packages to specific versions
+RUN npm install -g somepackage@1.2.3
+
+...
+
+```
+
+### When to update packages
+Updating packages should not be done alongside other work. Instead, take the time to review dependency upgrades carefully,
+making a best effort to ensure that they are necessary and secure.
+
 ## Contributions FAQ
 
 ### Can you add \<random blockchain\>?
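Review bot: The base image line `FROM node:18.19.0-alpine@sha256:12345...` in both Dockerfile snippets carries a truncated placeholder digest while the comment above it says the image "must be pinned"; either show a full digest or mark the value explicitly as a placeholder such as `@sha256:<digest>` and say where to get it (the `Digest:` line printed by `docker pull node:18.19.0-alpine`), otherwise the line will be copied as-is and fail to build. On the "If installing a package globally" section, `npm install -g somepackage@1.2.3` pins only the top-level version: no `package-lock.json` is consulted for global installs, so transitive dependencies are still resolved from semver ranges at build time unless the package publishes an `npm-shrinkwrap.json`, and the guide should state that limitation rather than present the global path as equivalent to `npm ci`. Lastly, "package versions cannot be overwritten after they are released" is true of re-publishing to the npm registry, but what actually guarantees the installed bytes is the `integrity` hash recorded in the lockfile and checked by `npm ci`; spelling that out would make the "Always commit your `package-lock.json`" instruction self-explanatory.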

+ 0 - 65
algorand/test/NOTES

@@ -1,65 +0,0 @@
-index 0
-appId 4
-textToHexString("guardian");
-guardianAddr CLAOUBJPZ5WNLM7ZU237TCOV2WODAGNUX3536PZ3JSWMBN7M46UADLN3GY
-
-('CLAOUBJPZ5WNLM7ZU237TCOV2WODAGNUX3536PZ3JSWMBN7M46UADLN3GY',
- '01befa429d57cd18b7f8a4d91a2da9ab4af05d0fbe00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000677561726469616e')
-
-illness illegal arrive clip fork palm skull south impose verify toss ocean shrug vital swift similar depend margin climb uniform risk pizza canal absorb forward
-
-# Locally in your project.
-npm install -D typescript
-npm install -D ts-node
-
-# Or globally with TypeScript.
-npm install -g typescript
-npm install -g ts-node
-
-# Depending on configuration, you may also need these
-npm install -D tslib @types/node
-
-go to .../ethereum/
-npm ci
-go to ..../sdk/js
-npm ci; npm run build
-
-Then, in a new window, you can run
-  tsc -p tsconfig-cjs.json --watch
-which will track updates
-
-ts-node foo2.ts
-
-
-https://github.com/barnjamin/sdk-extras/blob/master/py/block_fetcher.py
-
-package main
-
-import (
-        "context"
-        "strings"
-
-        "github.com/algorand/go-algorand/rpcs"
-        "github.com/algorand/indexer/fetcher"
-        "github.com/sirupsen/logrus"
-)
-
-var log = logrus.New()
-
-func main() {
-        f, err := fetcher.ForNetAndToken("http://localhost:4001", strings.Repeat("a", 64), log)
-        if err != nil {
-                log.Fatalf("Failed to create fetcher: %+v", err)
-        }
-
-        f.SetBlockHandler(handler)
-
-        f.Run(context.Background())
-}
-
-func handler(ctx context.Context, cert *rpcs.EncodedBlockCert) error {
-        for _, stxn := range cert.Block.Payset {
-                log.Printf("%+v", stxn.SignedTxn.Txn.Type)
-        }
-        return nil
-}
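Review bot: The deleted `algorand/test/NOTES` file contains what looks like a 25-word mnemonic (the `illness illegal arrive ...` line) alongside the Algorand address `CLAOUBJPZ5WNLM7ZU237TCOV2WODAGNUX3536PZ3JSWMBN7M46UADLN3GY`; deleting the file does not remove either from git history, so that account should be treated as disclosed and not reused for anything beyond a throwaway local sandbox. It would help to say in the PR description that this was a local-devnet-only account (the fetcher snippet targets `http://localhost:4001` with a token of 64 repeated `a` characters, which suggests so). The removal is otherwise consistent with the new guidance: the notes recommended unpinned `npm install -g typescript` and `npm install -g ts-node`, exactly the pattern the added CONTRIBUTING section now discourages.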