by simion314
1743 days ago
>Also, in general passing untrusted input to shell commands is probably a bad idea.

This is why you escape the shell command arguments, but if you blindly npm install a shitty wrapper you probably hit the issue with security issues. Sure, review of the dependency would be great, but I have not seen many devs doing it; if they had reviewed the ffmpeg wrapper, they would have noticed the simplicity and implemented it themselves, and on top of that learned some new stuff.

>Or, maybe developers who choose other languages are also competent professionals

I did not say that all Node developers are beginners; I am saying that many developers are not using the right tool for the job but use the cool tool for the job, and some developers just blindly npm install shit because this is the only thing they know. And I can confess I was guilty of this: on a project I proposed to use Qt4 over Adobe Air because I was a fan of Qt and hated Adobe. It turned out in the end I was forced to use Adobe Air and I loved it; for what we were doing it was the best tool for the job.