Comments
isawen1207y
The deeper the reading, the more interesting it gets, and it points to threats unimaginable before.

A good cure against this:
* Ask yourself, continuously: Do I really need this? Should I use this library, should I even need to use *any* library?
* Develop a small set of personal libraries, modules and tools. Maybe you agree that jQuery is gross and React is overkill for your personal blog... but a little ajax call wrapper might be useful? Some animation effects you like? A bit of string manipulation, you can handle that by yourself right?
* Contribute to projects, read their code. Like the author mentions, there are ways around this by minifying/tarring infected samples into package manager repos manually, but still... more human eyes on malicious open source code will at least filter the most obvious shit.
But in the end, we're also going to need way stricter distribution tools. All package managers really must start thinking about rules, detection mechanisms and verification tools.
anitavm19967y
The thing is that whether it's online or someone skimming your card at a foreign hotel - your sensitive details will eventually get out somewhere if you're not careful enough. For that reason you should make use of two-factor authentication, check your statements and change your passwords regularly. We put security gates in at our houses - but we still have insurance (it's the same principle).
Related Rants
Pure evil and geniusness, this is a must-read for JavaScript developers and security enthusiasts!
https://hackernoon.com/im-harvestin...
Tags: rant, npm, security, javascript