re: How do we improve security in the npm ecosystem? VIEW POST


I don't have any numbers to back this up but I believe that an issue in the JavaScript ecosystem is the lack of a decent standard library.

Because of that you need an external library for pretty much everything you do (left-pad anyone?) and that's adding a lot of potentially compromised dependencies in your tree.

If we could unify this JS ecosystem with a large standard library that can also be progressively polyfilled into older browsers this would be a great way to reduce the attack surface.

code of conduct - report abuse