Remove ProviderEngine
holgerd77 opened this issue · 1 comments
Support for ProviderEngine implemented in provider-engine.ts is bringing in the web3-provider-engine dependency.
This draws in a myriad of unnecessary additional dependencies which are often outdated since the package is not very actively maintained and superseded by json-rpc-engine. This is problematic from a security POV (mildly speaking) and significantly diminishes the installation experience especially through various older versions of the hashing libraries (keccak, secp2561) drawn in.
I would suggest to remove this feature, it should be relatively easily possible to do this integration on the user side if needed by adopting the code from provider-engine.ts.
//cc @kumavis
@holgerd77 find by me 👍 , be sure to respect semver in its removal