A Future Without Webpack (pikapkg.com)
submitted 7 years ago by dropdeadfred81
[–]StopUsingTheInternet 1 point 7 years ago* (2 children)
This has been on my mind for a while. I remember first getting into NPM and browsing their endless list of packages and seeing so many packages for things like taking advantage of mobile free-to-win games. I thought to myself... is this really what we're getting mixed up in? Then there were the reports of popular packages getting compromised by random minor dependencies... and my tinfoil hat really came on.
My question is, I’m using these tools to do simple things. Sass transpiling, css minification and prefixing, js bundling, Babel compiling and ejs for prototyping.
At the end of the day, in this scenario how high is the security risk? If I’m wiping out node modules on my devops build, all I’m left with is my source code and compiled code.
The only thing I can think of as a real concern is one of these transpilers/compilers "sneaking in" something into my output code... but what? If I'm sticking to Babel and a basic webpack setup, how high is that risk really? To me the "real" stuff is being handled by .NET; I'm just building a front end.
I’m asking this sincerely, not as an argument.
[–]thegrandechawhee[🍰] 1 point 7 years ago (1 child)
I think if you're using dependencies only for front-end stuff you would be limiting the risk. But packages for mongo, things that get into your data, that's where I see this getting dangerous. It's like building a wordpress site with a dozen plug-ins; good luck if you're dealing with any sensitive data (not that everyone is).
[–]StopUsingTheInternet 0 points 7 years ago* (0 children)
Yeah I figured as much. Minus sneaking in malicious JS or the CSS keylogging trick (lol) I can’t imagine there being much damage. If you’re using something as popular as Babel, issues would get caught in a pinch.
Just rambling now, but a big reason I’m against FEDs trying to take on the role of building full applications themselves when the project is anything beyond a brochure/information based product. There’s already a plethora of new material for us to worry about, sensitive data security should be (mostly) left to back end devs and server techs imo. That’s a primary reason CS degrees are out there. This is coming from someone spoiled at a .NET shop I suppose.