@yurivict wrote:

> This subjects users to the danger of some of these accounts going rogue and
> delivering malware to them, since NodeJS technology doesn't have any safeguards
> against this

Related: [Two malicious Python libraries caught stealing SSH and GPG keys](https://news.ycombinator.com/item?id=21701488)

There is no point in picking on npm (nodejs) specifically when it comes to
malicious code being introduced via dependencies. Whatever language / runtime
environment you use, always check your dependencies closely and pay close
attention to name spoofing / typosquatting.

> there's little chance that major packaging systems would adopt them. You can
> see that the Atom editor for example isn't packaged by Debian

FYI, here is the Debian bug for packaging Electron:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842420

And here is the Wiki page tracking the progress:
https://wiki.debian.org/Javascript/Nodejs/Tasks/electron

--
Reply to this email directly or view it on GitHub:
https://github.com/tim-janik/beast/issues/132#issuecomment-561831549