top | item 46028188

(no title)

cetra3 | 3 months ago

> Node.js and Go are considered practically safe language

Node JS has had vulnerabilities in the past: https://www.cvedetails.com/cve/CVE-2021-22940/

Go is also not Memory safe: https://www.ralfj.de/blog/2025/07/24/memory-safety.html

discuss

tptacek|3 months ago

Node.js and Go are both memory safe, as are Python, Ruby, and Java. "Memory safe" is a term of art referring to susceptibility to memory corruption vulnerabilities in code written by an ordinary practitioner of the language. Almost invariably, attempts to show languages like Go and Python as memory-unsafe involve a programmer deliberately working to defeat the language. But you can do that in any language, including Rust.

There are essentially just two mainstream memory-unsafe languages: C and C++.

GaggiX|3 months ago

It's easy to cause memory corruption with Go while building a concurrent system, you don't need to learn anything about "defeating the language".

rowanG077|3 months ago

Having run into memory issues in go but not (yet) in rust I would tend to disagree with this. It's really not hard or esoteric to run into it in go.