Re: [tim-janik/beast] Many build issues on FreeBSD (#132)



@yurivict wrote:

> This subjects users to the danger of some of these accounts to go rogue and deliver malware to them, since NodeJS technology doesn't have any safeguards against this

Related: Two malicious Python libraries caught stealing SSH and GPG keys

There is no point in picking on npm (nodejs) specifically when it comes to malicious code being introduced via dependencies. Whatever language / runtime environment you use, always check your dependencies closely and pay close attention to name spoofing / typosquatting.

> there's little chance that major packaging systems would adopt them. You can see that the Atom editor for example isn't packaged by Debian

FYI, here is the Debian bug for packaging Electron: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842420

And here is the Wiki page tracking the progress: https://wiki.debian.org/_javascript_/Nodejs/Tasks/electron

