by maven29
1370 days ago
Wouldn't dependency hijacking only be an issue during build/packaging, rather than installation when everything is frozen? All you're going to see as an end-user is a prebuilt binary that doesn't even know what NPM is. Again, this is no different from native apps. Native apps are objectively worse than WASM in terms of security/privacy risks as they have access to all userspace syscalls. It's not like WASM bytecode can link against system libraries. Everything has to go through the browser/runtime sandbox. The only real risk here is side-channel attacks like Meltdown.