by oarsinsync
2559 days ago
And to follow up specifically to the npm modules, if you're self-hosted, you can (but probably won't) audit the contents of what's been deployed when you deploy. You can then also keep that snapshot frozen in time, so you won't necessarily be impacted by any changes to those modules in future. If you're using the hosted version, you have no idea whether or not the modules are being updated, which versions are in use, etc. Having control of your environment gives you the opportunity to be more (or even less) secure. It's important to fully understand the risk / potential harm that outsourcing that responsibility to random persons can have.