Nostr Web Client

True - that's a different problem and multisig is a good starting point to solve that. But you can use nostr web of trust for reputation! I see as nostr pgp with actual adoption

aljaz 3mo ago 💬 3

I know, but the reputation part doesnt solve the hacked part, hence my comment:)

As nostr:nprofile1qqsprwdgjszdhucrfelp3p46nhzvd5mk7gu6zxp8r0fwc4n63zv9pnspz3mhxue69uhhwmm59ehx7um5wghxuet59ucq863l mentioned zapstore is much better implementation of this because its higher up in the food chain, here you have layers so maybe the author of the lib you are using has high rep score with the author of the lib that his lib was using but not with you, the problem is that a tiny lib is not a finalized product so you can have multiple layers of reputation/trust in between, its not very informative at the point

Reply to this note

Please Login to reply.

Discussion

Max 3mo ago

Did someone jack the devs' keys? Or was it someone playing a long game (where reputation may help more)?

Do it for agents! That's where we have j curve potential. New app store is cool and I'm a huge fan of nostr:nprofile1qyghwumn8ghj7mn0wd68ytnvv9hxgtcqypex583xrnryw3n5aq59uw23kwa38xlf5aeart85nhyx3kuxrgwpzjh056v & nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qghwaehxw309aex2mrp0yhxummnw3ezucnpdejz7qpq0r8xl2njyepcw2zwv3a6dyufj4e4ajx86hz6v4ehu4gnpupxxp7s85uvay, but building for agents has way more mainstream potential imo

aljaz 3mo ago

The initial step of this recent wave of npm hacks started with Qix being hacled, then another dev so it was not a long term infiltration like the xz utils attack last year https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack

franzap 3mo ago

The agent marketplace is indeed interesting.

I don't see how it would fix the npm problem though, I second what aljaz and Justin said.