Readit NewsBitcoin may not be the end all solution, but it's a great current option.
Hopefully the VM/container run environment is also in a network-isolated environment too, so it can only be accessed and invoked through the expected routes, and it can't make arbitrary network calls to external hosts that haven't been manually reviewed and approved.
I agree that the happy path is ideal and hopefully the common case. Regardless, anything with access to production secrets for my team is run on the most minimal image possible (and none of those secrets are available during dependency installation and compilation).
I've had a couple of minor incidents with NodeJS dependencies over the last few years on this front which sort of opened my eyes to running untrusted code. I tend to err on the side of distribution packages since, with the restrictions that imposes on what I do.
Depending on how and where you deploy, you can mitigate some of that by isolating the installs and not keeping sensitive information there (e.g. in a docker image).
[1] - I don't follow node/npm closely anymore, so this may have changed.
My biggest issue is with the UI though. Without watching the video I wouldn't know what half the buttons do. Many of them have multiple actions/states and there are no labels or tooltips for buttons.
Forms do have labels, but you have to click an icon to read them. It seems the only benefit of this is that you can also see what the label is in French, but unless you're translating the app, most users would prefer to just see the label in the language of their choice. And there are some dialogs where just English text is shown, so this isn't entirely consistent. Maybe I'm totally missing something here, but I think simply having a user select their preferred language isn't something that needed to be innovated away.
This post is the Armin Ronacher take that the author here is talking about: https://news.ycombinator.com/item?id=38768997
At Volta Circuit, we specialize in developing secure and innovative smart contracts that empower users to take full control of their digital assets through enhanced self-custody solutions. We believe in providing companies with the tools and technology they need to manage access to their digital wealth with confidence and autonomy through multisig and an advanced rules engine to delegate access.
We are seeking a talented and passionate React developer with experience in decentralized applications (dApps) to join our small team. As the primary front end developer, you will play a crucial role in owning and guiding our front end architecture, ensuring that our users have a seamless and secure experience when interacting with our platform and smart contracts. Your expertise in dApp development will be invaluable in creating a user-friendly and intuitive interface that empowers users to take full control of their digital assets.
We are looking for a self-sufficient individual with excellent communication skills who can work as a self manager and as part of a team. dAPP and full stack experience, specifically with Golang and Postgresql, are a bonus as we all work across the stack (React, Golang, Postgesql, EVM, Cosmos).
If you’re interested in learning more, email us at hireme [at] voltacircuit.com.