DEV Community

loading...

Discussion on: Say yes to Deno?

Collapse
sewangco profile image
Saji Wang Author

What I meant with the problem with node and security is that when we use NPM to install a package for our node app, we are not always aware of what is happening. It can in a sense do something unauthorized.
There has in the past been a scandal with NPM packages. If you want to read more on that: javascript.plainenglish.io/the-big....

Meanwhile, Deno does not rely on NPM at all.

Collapse
strottos profile image
Steven Trotter

Potentially you could say this is a problem with all modern languages that Deno at least partially fixes. I mean how do I know if I run some random Python thing from github on my machine that it won't just remove all my documents on my computer other than it never has happened to me personally? Bad things have happened in Node though I understand, whether it's their fault or it's the fault of open source software doesn't matter. I could read all the code thoroughly but that's still no guarantee I'll catch everything (or even anything). Maybe Deno is genuinely breaking new ground here as with Deno I could deny it the security required to do so. Just because none of the other languages have acknowledged it doesn't mean it isn't a problem.