by NathanKP 3736 days ago
> curated sets of packages with groups of people focused on doing the auditing and security alongside my due diligence

How does this differ from how NPM works? For example, the set of packages that is utilized by Express is downloaded more than 5 million times per month. There are tons of eyes all over those packages.

Sure, if you are installing sketchy packages that have 100 downloads a month you have to do a lot of auditing yourself, but when sticking to the core modules that are used in practically every node project you can benefit from the auditing being done by all the others who use those packages.

1 comment

I don't think there are eyes all over those packages though.