Discussion

2023-04-22T22:22:31Z ago

Whew this actually made me not want to use this 😅. This is one of the reasons I like Deno though with the security. Also the bit about having to always give permissions in production is a tad misleading.

I do like how this tool gives you context on libraries (known squatter, been part of recent malicious attacks, etc). It sounds like the software is difficult to maintain through npm updates (actual new versions of npm not the command).

I'm going to give this another listen though.

Jerod Santo

Omaha, Nebraska

Jerod co-hosts The Changelog, crashes JS Party, and takes out the trash (his old code) once in awhile.

2023-04-23T14:54:57Z ago

Also the bit about having to always give permissions in production is a tad misleading.

Is this not the case in your experience? I can’t imagine, for example, a typical CRUD web app* that doesn’t have to read environment variables, access the network, read (and usually write) from the file system, and more.
