A collection of tools, documents, articles, blog posts, interviews, and videos related to MakerDAO and the Dai stablecoin.
Home Page: https://awesome.makerdao.com/
License: GNU Affero General Public License v3.0
cDai
rDai
lsDai
i think there's others.
| Current image | python:3.6.6 | Vulns: 1097 | 83C260H286M468L |
|---|---|---|---|
| Minor upgrades | python:3.10.0b4 | Vulns: 445 | 12C56H86M291L |
Current image | python:3.6.6
Critical : 83
python:3.10.0b4
Critical: 12
Can we add https://daiauctions.com/ to the metrics for users browse acution process?
Disable X-Powered-By header for your Express app (consider using Helmet middleware), because it exposes information about the used framework to potential attackers.
const express = require('express');
const bodyParser = require('body-parser');
const { ApolloServer } = require('apollo-server-express');
const supertest = require('supertest');
const { buildClientSchema } = require('graphql');
const generateMocks = obj => {
const result = {};
for (const property in obj) {
result[property] = () =>
typeof obj[property] === 'object' && !Array.isArray(obj[property])
? generateMocks(obj[property])
: obj[property];
}
return result;
};
const graphql = async (endpoint, req) => {
const schema = buildClientSchema(endpoint.graphql.schema);
const server = new ApolloServer({
schema,
path: '/',
mocks: endpoint.graphql.mocks ? generateMocks(endpoint.graphql.mocks) : true
});
const app = express();
app.use(bodyParser.json());
server.applyMiddleware({ app, path: '/' });
const result = await supertest(app).post('/').send(req.body);
return result.body;
};
module.exports = graphql;
Hi. There are two working subgraphs for Maker
https://thegraph.com/explorer/subgraph/protofire/makerdao
https://thegraph.com/explorer/subgraph/protofire/maker-protocol
But they could be improved. And new ones could be implemented. Would ask someone of Maker community to check this topic.
res.set(
'Access-Control-Allow-Headers',
'Origin, X-Requested-With, Content-Type, Accept'
);
return res.send(graphqlResponse);
Unsanitized input from the HTTP request body flows into send, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).
Fix: Your dependencies are out of date, otherwise you would be using a newer node-fetch than [email protected]. Try relocking your lockfile or deleting node_modules, reinstalling and running . If the problem persists, one of your dependencies may be bundling outdated modules.
Overview
is a light-weight module that brings window.fetch to node.js
Affected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a Location response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.
Advisable action - change the logo.
https://github.com/makerdao/awesome-makerdao
The first link of "Watch your Dai" section:
res.set(
'Access-Control-Allow-Headers',
'Origin, X-Requested-With, Content-Type, Accept'
);
return res.send(graphqlResponse);
Unsanitized input from the HTTP request body flows into send, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).
This list needs a little reorganization, because now we have some links twice, for example Stablecoin Index, mkr.tools, oasis.
Directory Traversal
Vulnerable module: adm-zip
Introduced through: [email protected]
Detailed paths
Introduced through: [email protected]
Remediation: Upgrade to [email protected].
Overview
adm-zip is a JavaScript implementation for zip data compression for NodeJS.
Affected versions of this package are vulnerable to Directory Traversal. It could extract files outside the target folder.
The readme file is missing the following:
Hello team,
May I ask you to reference Opera Crypto Wallet to the list of referenced wallets please ?
Thank you
having a list of the winners/bounty seekers from the hackathons could be cool
Add SimpleHold.io wallet to the wallet section - https://simplehold.io/coins/ethereum/maker
It would be great if you guys update the resources for New governance architecture of Maker and add spark protocol resources as well
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
