Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@HAlex i once heard a story about an developer who had some exploits for his open-source mailserver on his disk. But if you think a highly-watched javascript-framework is a threat you're either stupid or have no idea.
But... you can push different code to npm than the one on your github. This is especially true for minified files which get used for production.
So technically they can, but the effort's not worth it -
@YouAreAPIRate you could just check it before using it. Sometimes developers check outing requests to debug services, but no one said anything about Facebook servers
-
@HAlex see this HN link, the way this guy describes it the backdoor is very hard to notice. Only CSP can protect you, but do you have the time for that?
https://news.ycombinator.com/item/...
I'm in a react/vue/angular/polymer-debate. Lets continue this here, but only with the worst arguments you heard about these 4.
I start:
React: "I dont like it, facebook might have a backdoor in the code so they can see what we're developing"
Angular: "We use Google Cloud, angular is developed by google too. There is a synergy between the two"
(If you really need this to be a question, then it's "what are the worst arguments you heard about javascript-frameworks?")
question
technically no question
another javascript post
stupidity hurts me