by justinclift
1226 days ago
Hang on, this doesn't appear to be Open Source. The source code itself doesn't seem to be available (e.g. for security scanning). Is that correct? If that's indeed the case, then with NodeJS/npm's ongoing problems with malicious packages... this seems like a problem. :(
But since it's an NPM package, the transpiled and minified code is of course available for automated security scanning (it's not uglified or obfuscated).
I don't think having the project open source will change a lot about security. It's a fairly complex project, and someone manually reviewing all of the code is unlikely.
Also, malicious packages are especially a problem for very common dependencies. And Luna Park is not gonna be a hidden dependency of a lot of packages.
On a side note, maybe the editor code will go Open Source someday, but since there's no way back from that decision, I'm taking time to reflect on this.