by thinkharderdev
1743 days ago
Or, maybe developers who choose other languages are also competent professionals who make language/framework choices for good reasons. I have no considered opinion about PHP but one reason I have never used it for a web application backend is because I do a lot of coding that PHP is not well-suited for (high-performance, data intensive) and it is easier to write the web server in the same language I use for everything else. Also, in general passing untrusted input to shell commands is probably a bad idea. FFmpeg has had many CVEs over the years and taking an upload from a user and piping it to a CLI command is asking for trouble. There are considerations beyond just doing the easiest thing that could possibly work.

This is why you escape the shell command arguments, but if you blindly npm install a shitty wrapper you will probably run into security issues. Sure, review of the dependency would be great, but I have not seen many devs doing it; if they had reviewed the ffmpeg wrapper, they would have noticed its simplicity and implemented it themselves, and on top of that learned some new stuff.
>Or, maybe developers who choose other languages are also competent professionals
I did not say that all Node developers are beginners; I am saying that many developers are not using the right tool for the job but use the cool tool for the job, and some developers just blindly npm install shit because this is the only thing they know.
And I can confess I was guilty of this: on a project I proposed using Qt4 over Adobe Air because I was a fan of Qt and hated Adobe. It turned out in the end I was forced to use Adobe Air and I loved it; for what we were doing it was the best tool for the job.
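
The concern both comments raise, handing an uploaded file's name to ffmpeg, sketched for Node.js as an added example (not code from either commenter or from any ffmpeg wrapper). `UPLOAD_DIR`, `NAME_RE` and the function names are assumptions made for illustration.

```javascript
// Added example, not code from the thread. UPLOAD_DIR, NAME_RE and the
// function names are hypothetical.
const UPLOAD_DIR = "/srv/uploads";

// Allowlist for file names: must start with a letter or digit (so it can
// never look like an ffmpeg option), no slashes, no shell metacharacters.
const NAME_RE = /^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\.(mp4|mov|webm)$/;

// Pattern the thread warns about: user input spliced into one string that
// a shell will parse. Shown for comparison only; nothing here executes it.
function shellString(userName) {
  return `ffmpeg -i ${UPLOAD_DIR}/${userName} out.mp4`;
}

// Safer pattern: validate the names, then build an argv array. Each element
// reaches ffmpeg as exactly one argument because no shell ever sees it.
function buildArgs(userName, outName) {
  for (const n of [userName, outName]) {
    if (typeof n !== "string" || !NAME_RE.test(n) || n.includes("..")) {
      throw new Error(`rejected file name: ${JSON.stringify(n)}`);
    }
  }
  return [
    "-nostdin",                     // do not read commands from stdin
    "-n",                           // never overwrite an existing output
    "-protocol_whitelist", "file",  // the input may only be a local file
    "-i", `${UPLOAD_DIR}/${userName}`,
    `${UPLOAD_DIR}/${outName}`,
  ];
}

// Runs ffmpeg directly (execFile starts no shell) with a time limit.
function transcode(userName, outName, callback) {
  const { execFile } = require("node:child_process"); // loaded on first use
  return execFile("ffmpeg", buildArgs(userName, outName),
    { timeout: 60000, windowsHide: true }, callback);
}
```

Building an argv array removes the shell from the picture, but ffmpeg still parses the untrusted media itself, which is where the CVEs mentioned in the first comment apply; that part needs patching and process isolation rather than escaping.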