Re: [tim-janik/beast] Many build issues on FreeBSD (#132)



FYI, here is the Debian bug for packaging Electron: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842420

There's nothing wrong with Electron itself. It has been ported to FreeBSD and has long been available in ports. The problem is that Electron is used as a Trojan Horse to drive NodeJS packages.

Whatever language / runtime environment you use, always check your dependencies closely and pay close attention to name spoofing / typosquatting.

No. Other projects have a more centralized nature with upstream devs having control over the content of used dependencies. In NodeJS, npm just downloads the latest versions of hundreds/thousands of GitHub projects without anybody being able to even track what versions are used in particular cases. There is no easy way to freeze dependencies, to have reproducible builds, to fingerprint files, etc. This creates an ecosystem prone to security violations.




