What's up with the sandbox security problem?
Node was designed to "leverage" JavaScript as a real language that can interact with the system.
By saying Node opened a security breach, you're just saying every computer language is flawed.
I think it's less about criticizing Node.js or any other programming language, and more about highlighting a problem that the Deno team addresses.
What I meant with the problem with Node and security is that when we use NPM to install a package for our Node app, we are not always aware of what is happening. It can in a sense do something unauthorized.
There has in the past been a scandal with NPM packages. If you want to read more on that: javascript.plainenglish.io/the-big....
Meanwhile, Deno does not rely on NPM at all.
Potentially you could say this is a problem with all modern languages that Deno at least partially fixes. I mean, how do I know if I run some random Python thing from GitHub on my machine that it won't just remove all my documents on my computer, other than it never has happened to me personally? Bad things have happened in Node though, I understand; whether it's their fault or it's the fault of open source software doesn't matter. I could read all the code thoroughly, but that's still no guarantee I'll catch everything (or even anything). Maybe Deno is genuinely breaking new ground here, as with Deno I could deny it the security required to do so. Just because none of the other languages have acknowledged it doesn't mean it isn't a problem.
It is not a thing that Node introduced, but it has been one of the most affected by far, with increasing numbers of malicious packages being published to NPM.
The reality is that when using third-party libraries nobody guarantees they are safe to use, so at least the sandbox gives you the option to debug these issues, something no other system (that I know of) has allowed you to do before.