“Mini” my ass, costs too much!

Caution: Spark makes major tradeoffs in terms of transaction privacy. It is a proprietary protocol, ran by a single company, Solutions like Rizful, WoS, etc. are not much better either, but they at least do not have an open endpoint allowing anyone to trace wallet histories.

it should be safe to assume that: - repeated auths can be ignored - auth challenge should remain static across session - one should be enough unless it fails when submitting (OK false) in which case the user should be alerted anyway

they shouldn't be! the auth message is static, and a client shouldn't sign/prompt multiple times

nostr.land only sends auth on connect and after auth-required: because some frameworks to my knowledge expect an auth message to be sent alongside auth-required, not just at the start, unfortunately...

Just zap multiple times?

Over 75% of all software I’d say. Probably less if you do not count low user slop as software.

GitHub has become a big vector for spam recently

looking at a bunch of Nostr apps made with AI assistance… quality is poor and there are unacceptable issues

Arrays MUST be ordered when decoding, that is the entire point of arrays 😅 JSON does not have sets

They are, though? JSON object keys were the unordered ones