Ask HN: How are you mitigating the risks of node modules?
It is widely known that node modules are a big security risk because of their deeply nested tree, and developers tend not to install new packages just for this.
From a recent HN comment [0]:
> Does anyone know if there has been reliable research towards the security of the entire RN dependency tree? Seeing a stray dep there that has 1 maintainer on npm/GitHub who has been inactive for over a year makes me nervous. Any one of those JavaScript projects could do something nefarious deep under the hood, and this to me seems to expose a huge surface area for attackers.
How are you personally mitigating the risks, or what are the policies/processes at your company?
[0] https://news.ycombinator.com/item?id=23160588
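The "deeply nested tree" the post worries about can be measured before anyone asks about maintainers: a lockfile already records every installed package and which package pulled it in. The script below is an added example (not code from the original post or from any project it mentions) that walks a package-lock.json in the lockfileVersion 2/3 layout, where each installed copy is keyed by its path under "packages". It reports how many packages are actually installed versus declared, how deep the tree goes, and which packages are present in more than one version. The lockfile object and package names are constructed for the example.

```javascript
// Added example, not code from the original post: inventory the transitive
// dependency tree recorded in a package-lock.json (lockfileVersion 2 or 3,
// which list every installed package under "packages" keyed by its path).
// The lockfile below is constructed for this example; the package names are
// hypothetical.
const lockfile = {
  name: "example-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app", dependencies: { "web-framework": "^1.0.0" } },
    "node_modules/web-framework": {
      version: "1.0.0",
      dependencies: { "util-lib": "^2.0.0", "debug-lib": "^4.0.0" },
    },
    "node_modules/util-lib": { version: "2.1.0", dependencies: { "tiny-helper": "^0.1.0" } },
    "node_modules/tiny-helper": { version: "0.1.3" },
    "node_modules/debug-lib": { version: "4.3.1", dependencies: { "util-lib": "^1.0.0" } },
    // debug-lib pins an older util-lib, so npm nests a second copy under it.
    "node_modules/debug-lib/node_modules/util-lib": {
      version: "1.9.0",
      dependencies: { "tiny-helper": "^0.1.0" },
    },
  },
};

// Node-style resolution: look for <fromPath>/node_modules/<name>, then walk up
// one node_modules level at a time until the root is reached.
function resolveDependency(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base === "" ? "" : base + "/") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (base === "") return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Package name from a lockfile path, e.g. "node_modules/a/node_modules/@s/b" -> "@s/b".
function packageName(path) {
  const marker = "node_modules/";
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// Breadth-first walk from the root so each package is recorded at its
// shortest distance from your own package.json.
function inventory(lock) {
  const packages = lock.packages;
  const depthOf = new Map(); // lockfile path -> shortest depth from root
  const unresolved = [];
  const queue = [""];
  depthOf.set("", 0);
  while (queue.length > 0) {
    const path = queue.shift();
    const depth = depthOf.get(path);
    const deps = packages[path].dependencies || {};
    for (const name of Object.keys(deps)) {
      const target = resolveDependency(packages, path, name);
      if (target === null) {
        unresolved.push(`${path || "<root>"} -> ${name}`);
        continue;
      }
      if (depthOf.has(target)) continue;
      depthOf.set(target, depth + 1);
      queue.push(target);
    }
  }
  depthOf.delete("");

  // Group installed copies by package name to spot multiple versions of the
  // same package; each copy is a separate thing to audit.
  const versions = {};
  for (const path of depthOf.keys()) {
    const name = packageName(path);
    (versions[name] = versions[name] || []).push(packages[path].version);
  }
  const multiVersion = {};
  for (const [name, list] of Object.entries(versions)) {
    if (list.length > 1) multiVersion[name] = list.slice().sort();
  }

  return {
    direct: Object.keys(packages[""].dependencies || {}).length,
    installed: depthOf.size,
    maxDepth: Math.max(0, ...depthOf.values()),
    multiVersion,
    unresolved,
  };
}

const report = inventory(lockfile);
console.log(JSON.stringify(report, null, 2));
```

On the constructed lockfile this reports one declared dependency, five installed packages, a depth of three, and util-lib present in two versions. To run it against a real project, replace the constructed object with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; lockfileVersion 1 files use a different nested layout and are not handled here. The inventory is only the first step the post is asking about: checking maintainer counts or recent activity for each entry needs registry metadata, which this offline script deliberately does not fetch.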