Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Having 3 vulnerabilities discovered yesterday is bad
Having 1 vulnerability discovered in the 90s is worse. -
Log4shell is pretty bad because any informed amateur hacker can pull it off. On the other hand, in 7th grade I took down my high school's server with SQL injection and it wasn't me because I was the first to think of it but rather because I was the first to find the vulnerability before thinking about the consequences.
-
Voxera113883yTo be honest, that is less js and more bad libraries.
Was the fixed libraries recently released or had they been out for a while?
Seems strange that bug fixes replace dependencies with new ones that are insecure, or was it other libraries that was upgraded to versions with vulnerabilities? -
sariel84473y@Voxera to be honest there's nothing critical about this project since it's something personal I'm building.
I'm sure it grew because the dependencies have exposures. It's just crazy to me that it jumped from 7 to 11+2.
I rolled the "fix" back and moved on with my night.
For me to actually fix it would probably take me longer than the time I'm willing to spend to make it work with the latest libraries. I say this because I'm sure that it wouldn't remove any of the existing vulnerabilities and would only waste my time.
It's definitely made me rethink using npm in any future frontend projects in the future but choices are clearly limited. -
@ostream Makes sense, I was just confused because you wrote "he made a new runtime" which implied for me that you meant NPM.
Have you tried Deno yet? It's still on my list... -
It's not node is a barely functioning tool kit designed to make more work and fuck with you mean while
Fucking lodash had remote vulnerabilities ! Lol
Related Rants
No other language can do something as fucky as javascript.
"7 high severity vulnerabilities"
$> npm audit fix --force
"13 vulnerabilities (11 high, 2 critical)"
How is this fixed?!
It will be a great day when JS finally prolapses under the weight of its own hubris.
rant
javascript
wtf
not fixed