Why we use chainlink-brownie-contracts but not download from Chainlink officially

[CH-coding-fire]

Hi all,
In the course, Patrick have us to download chainlink-brownie-contracts, that is unofficial.

I prefer to download it from official source, like imagine how to explain to your boss if you need to download something that is not official when security is important.

However, when I search Chainlink doc, it seems that there is no solution for foundry, there is something called foundry-chainlink-toolkit in the doc however, it does not contain the contracts I want such as V3Aggregator. https://docs.chain.link/quickstarts/foundry-chainlink-toolkit.

Can anyone explain this? Thanks! Btw another question, should this kind of question be put into Discussions or Issues?

[EngrPips]

Hello @CH-coding-fire, This question is OK here in discussion. Honestly, I didn't even give it a second thought when Patrick instructed us to install that package as I believe, as far as smart contract security is concerned, Patrick knows more than I do, and I think that package should be a sub-package of chainlink but then, since you raised this question, let's wait for @PatrickAlphaC response and learn more together.

[AbhiSharma1210]

As I read the Github page of Chainlink brownie contract. It says this "This repository is a slimmed down version of Chainlink's official repo.... its a minimal repo that only copies the chainlink/contracts folder and updates it everyday.". I think if you go and compare both the official and the brownie versions you'll be able to figure out what difference there is.

[EngrPips]

Interesting

[CH-coding-fire]

The belief that they are the same is based on we trust Patrick (the author) , but imagine how to explain that to your boss if it is real job?

[EngrPips]

Honestly, it isn't hard. You will go, Boss, I need this file, but it is not in the main repo of Chainlink. They have a sub-repo that has the file. Can I install it from their Boss?

[PatrickAlphaC]

gm, happy to answer here!

Patrick have us to download chainlink-brownie-contracts, that is unofficial

That's not true. This is an official repo. The repository is owned and maintained by the chainlink team for this very purpose, and gets releases from the proper chainlink release process. You can see it's still the smartcontractkit org as well.

https://github.com/smartcontractkit/chainlink-brownie-contracts

Let's talk about what "Official" means

The "official" release process is that chainlink deploys it's packages to npm. So technically, even downloading directly from smartcontractkit/chainlink is wrong, because it could be using unreleased code.

So, then you have two options:

1. Download from NPM and have your codebase have dependencies foreign to foundry
2. Download from the chainlink-brownie-contracts repo which already downloads from npm and then packages it nicely for you to use in foundry.

Summary

1. That is an official repo maintained by the same org
2. It downloads from the official release cycle chainlink/contracts use (npm) and packages it nicely for digestion from foundry

Great question! And keep that skepticism - it'll treat you well.

[AbhiSharma1210]

This was very informative. IMO this should be added in the readme and visible to people to remove confusion.

[EngrPips]

Indeed

[PatrickAlphaC]

Good shout. Anyone care to open a PR for codebases they find this relevant for?

[AbhiSharma1210]

Good shout. Anyone care to open a PR for codebases they find this relevant for?

If no one else takes this, then I'll take it and will try to update it this weekend.
Task: Update the Readme file of the repo(s) that uses Chainlink-brownie-contracts with this info.

Let me know if anything else is required.

[EngrPips]

I think that is what needed to be done.

[AbhiSharma1210]

I'll try to update this today. @PatrickAlphaC should I update the main cource page (Eg: this Foundry-Full-Course) or should I change individual projects that utilized brownie kit. Personnaly I think the later is a better options since this is where people will be coming again and again to but still want your advice.

[PatrickAlphaC]

Up to you, both are probably good!