> FYI, here is the Debian bug for packaging Electron:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842420
There's nothing wrong with Electron itself. It has been ported to FreeBSD and
is long available in ports. The problem is that Electron is used as a Trojan
Horse to drive NodeJS packages.
> Whatever language / runtime environment you use, always check your
> dependencies closely and pay close attention to name spoofing / typosquatting.
No. Other projects have a more centralized nature with upstream devs having
control over the content of used dependencies. In NodeJS npm just downloads the
latest versions of hundreds/thousands of GitHub projects without anybody being
able to even track what versions are used in particular cases. There is no easy
way to freeze dependencies, to have reproducible builds, to fingerprint files,
etc. This creates an ecosystem prone to security violations.
--
https://github.com/tim-janik/beast/issues/132#issuecomment-561870739
_______________________________________________
beast mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/beast