Re: [tim-janik/beast] Many build issues on FreeBSD (#132)

@yurivict wrote:

This subjects users to the danger of some of these accounts to go rogue and deliver malware to them, since NodeJS technology doesn't have any safeguards against this

Related: Two malicious Python libraries caught stealing SSH and GPG keys

There is no point in picking on npm (nodejs) specifically when it comes to malicious code being introduced via dependencies. Whatever language / runtime environment you use, always check your dependencies closely and pay close attention to name spoofing / typosquatting.

there's little chance that major packaging systems would adopt them. You can see that the Atom editor for example isn't packaged by Debian

FYI, here is the Debian bug for packaging Electron:

And here is the Wiki page tracking the progress:

You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]