by nathan_long 2248 days ago
> That's the same risk you have with any open source project.

Yes and no. The larger the number of dependencies you have, and the larger the number of maintainers behind them, the more chances you have of one of them containing malicious code.

I think you're pretty safe from Phoenix or Rails or NodeJS getting owned because so many people work on them. But one of the thousand small packages you use may belong to someone careless or malicious.
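The comment's point is that the attack surface scales with the number of packages and, more importantly, with the number of distinct accounts that can publish them. As an added example (not code from the commenter or from any of the projects named), here is a small audit that makes that surface measurable: it walks a lockfile in the package-lock.json v3 "packages" shape, maps each installed package to its publishing accounts, and reports how many accounts you are trusting, which packages hinge on a single account, and how many packages one account controls. The lockfile and the maintainer map are constructed for this example; in practice the maintainer list comes from the registry (for npm, `npm view <pkg> maintainers`). The per-package compromise probability in `prob_any_compromised` is a hypothetical input, not a measured value.

```python
"""Measure the dependency/maintainer attack surface of a lockfile.

Constructed data: SAMPLE_LOCK mimics package-lock.json (lockfileVersion 3,
entries keyed by node_modules path) and SAMPLE_MAINTAINERS stands in for
registry metadata such as `npm view <pkg> maintainers`. Both are made up
for this example.
"""
from collections import defaultdict

# Constructed lockfile. Nested entries (a/node_modules/b) appear when a
# consumer pins a different version than the hoisted copy.
SAMPLE_LOCK = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app",
             "dependencies": {"web-framework": "^1.0.0", "tiny-pad": "^2.0.0"}},
        "node_modules/web-framework": {"version": "1.4.2",
                                       "dependencies": {"http-core": "^3.0.0"}},
        "node_modules/http-core": {"version": "3.1.0",
                                   "dependencies": {"tiny-pad": "^2.0.0",
                                                    "str-trim": "^0.1.0",
                                                    "glob-matcher": "^4.0.0"}},
        "node_modules/tiny-pad": {"version": "2.0.1"},
        "node_modules/str-trim": {"version": "0.1.7"},
        "node_modules/glob-matcher": {"version": "4.0.0"},
        "node_modules/web-framework/node_modules/@scope/left-util": {"version": "0.9.0"},
    },
}

# Constructed registry data: package name -> accounts allowed to publish it.
SAMPLE_MAINTAINERS = {
    "web-framework": ["alice", "bob", "carol", "dave"],   # many eyes
    "http-core": ["alice", "erin"],
    "tiny-pad": ["frank"],            # one account, reused for several tiny packages
    "str-trim": ["frank"],
    "@scope/left-util": ["grace"],
    # "glob-matcher" deliberately absent: metadata lookup failed or package unpublished
}


def package_name(path):
    """Strip the node_modules path prefix, keeping scoped names (@scope/name)."""
    return path.rsplit("node_modules/", 1)[-1]


def installed_packages(lock):
    """Return {name: set(versions)} for every installed package, root excluded."""
    found = defaultdict(set)
    for path, entry in lock["packages"].items():
        if path == "":
            continue
        found[package_name(path)].add(entry.get("version", "?"))
    return dict(found)


def maintainer_surface(lock, maintainers):
    """Summarise how many accounts the lockfile trusts and where trust concentrates."""
    names = installed_packages(lock)
    accounts = set()
    sole, unknown = [], []
    per_account = defaultdict(set)
    for name in names:
        owners = maintainers.get(name)
        if not owners:
            unknown.append(name)          # cannot assess: treat as a finding, not as safe
            continue
        accounts.update(owners)
        for owner in owners:
            per_account[owner].add(name)
        if len(owners) == 1:
            sole.append(name)             # one compromised or careless account is enough
    return {
        "packages": len(names),
        "accounts": accounts,
        "sole_maintainer": sorted(sole),
        "unknown": sorted(unknown),
        "packages_per_account": {a: sorted(p) for a, p in per_account.items()},
    }


def prob_any_compromised(p_per_package, n_packages):
    """Chance that at least one of n independent packages is bad, given a
    hypothetical per-package probability p. Independence is an assumption."""
    return 1.0 - (1.0 - p_per_package) ** n_packages


if __name__ == "__main__":
    report = maintainer_surface(SAMPLE_LOCK, SAMPLE_MAINTAINERS)
    print(f"{report['packages']} packages, {len(report['accounts'])} publishing accounts")
    print("single-maintainer packages:", report["sole_maintainer"])
    print("no maintainer data:", report["unknown"])
    for account, pkgs in sorted(report["packages_per_account"].items()):
        if len(pkgs) > 1:
            print(f"account {account} controls {pkgs}")
    for n in (3, 100, 1000):
        print(f"p=0.001 per package, n={n}: P(any bad) = {prob_any_compromised(0.001, n):.3f}")
```

The useful outputs are the concentration figures rather than the raw count: a handful of packages kept by one account, or one account that publishes several of your transitive dependencies, is the case the comment describes, and a package with no retrievable maintainer data should be investigated rather than silently skipped.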