by btown 1559 days ago
Beyond the obvious security considerations, there are also massive legal/IP considerations.

peacenotwar is explicitly GPLv3 but was added to node-ipc which still claims to be MIT licensed. Suddenly, any user shipping code dependent on node-ipc or Vue could be in violation of that license.

IANAL and don’t know if unknowing breach of the GPL would be enforceable… but zooming out, it’s worth noting that deep software supply chains can carry risk beyond just the risk of an explicit coded attack.