hassy | 3 years ago
I mentioned elsewhere in the comments that we have a Docker image, and are working on other methods of installing the CLI to alleviate some of these dependency-related concerns.
Getting sidetracked here, but there seems to be a common sentiment when it comes to Node.js that it's uniquely insecure. Node.js has indeed had some unfortunate press when it comes to supply-chain security, but every other runtime is susceptible to those attacks (PyPI, Gems, Maven, Rust Crates). Ultimately of course, if you choose to avoid using any software built on top of those stacks, that's your choice.
Artillery specifically is no different to any other Node.js-based project in how large the dependency tree is. VSCode, for instance, is used by millions of developers and has 1.6k dependencies [1].
numlock86 | 3 years ago
Yes, of course. I was just taking an arbitrary example from my common HTTP toolbox.
> VSCode, for instance, is used by millions of developers and has 1.6k dependencies [1].
VSCode is maintained by Microsoft plus a huge community, and they are transparent about their process with regard to auditing/freezing dependencies.