Hacker News new | ask | show | jobs
by AsymetricCom 4667 days ago
How does node.js have security advisories? Isn't the fact that it's built on top of JavaScript kind of throw the idea of security out the window to start with? Shouldn't we start with JavaScript security advisories first?

Honest question, have you ever seen a public Javascript security advisory?
1 comments
cleverjake 4666 days ago
>> Isn't the fact that it's built on top of JavaScript kind of throw the idea of security out the window to start with

No.

>> Shouldn't we start with JavaScript security advisories

Its a language, not a specific implementation of a language. Chromes javascript engine is what would have security vulnerabilities, no javascript itself.

This isn't security advisories for node itself, it is for node modules. the node security project is auditing all of the modules in npm for security issues, and posting about them there.

link
AsymetricCom 4666 days ago
>> Its a language, not a specific implementation of a language.

It's not even that, it's a dialect of ECMAScript.

link