by lancestout
4762 days ago
This actually goes to the point behind the http://nodesecurity.io initiative - building up the security-mindedness of the node community by auditing npm modules for various vulnerabilities and making it easy to responsibly disclose vulnerabilities to module maintainers [1]. We're in the process of the first audit wave (checking for things like child_process.exec), and have already had several modules get patched. IIRC, the npm maintainers have expressed interest at the recent node confs/meetups about incorporating security advisory information into the npm package results, to alert people about potential issues when installing modules.

[1] http://blog.liftsecurity.io/post/52010883123/security-md-imp...