item 45770415 (no title)

kigiri | 4 months ago

Deno solves this, it's not a JavaScript issue, it's a Node.JS / NPM issue.

Sander_Marechal | 4 months ago

How does Deno solve this? Genuine question by the way. I'm not trying to be snarky.

bytefish | 4 months ago

It provides a runtime that sandboxes your application and requires you to give explicit permissions for file system operations and network requests.

This limits the attack surface when it comes to installing malicious dependencies that npm happily installs for you.

So yes, I was wrong and my previous comment was hyperbole. A big problem is npm, and not JavaScript.

My point about the staggering amount of dependencies still holds though.