by onion2k
1690 days ago
Good advice, but these are NPM packages in WordPress plugins. It'd be unusual to have Node running on a server that's running WordPress, so it's very likely that these NPM packages are actually being delivered to the users of the website as part of the pages they're viewing (client-side components like custom dropdowns, calendars, etc. are a typical use case). No amount of server hardening is going to protect the client if that's the case. The only option is to flag them as either insecure or unchecked.

I personally dislike this new age and miss the days of hacking with just a text editor and browser, but I understand their benefits.