by gabdpipi
23 days ago
Yeah, that’s fair. It’s only as secure as the weakest link. One of the promises of wasm was sandboxing npm packages independently. Not sure what happened with that, but I’d be curious to know now that we’ve had a lot of recent supply-chain publicity. For example, if every fetched module is sandboxed, then even if they got compromised there would be more protection. It would be more “when” not “if” the package is compromised, nip it in the bud. But then attackers will target the most exposed packages… :) Security is hard.