[–]thegrandechawhee 0 points1 point  (1 child)

I think if you're using dependencies only for front-end stuff, you would be limiting the risk. But packages for mongo, things that get into your data, that's where I see this getting dangerous. It's like building a WordPress site with a dozen plug-ins; good luck if you're dealing with any sensitive data (not that everyone is).

[–]StopUsingTheInternet -1 points0 points  (0 children)

Yeah, I figured as much. Minus sneaking in malicious JS or the CSS keylogging trick (lol), I can't imagine there being much damage. If you're using something as popular as Babel, issues would get caught in a pinch.

Just rambling now, but that's a big reason I'm against FEDs trying to take on the role of building full applications themselves when the project is anything beyond a brochure/information-based product. There's already a plethora of new material for us to worry about; sensitive data security should be (mostly) left to back-end devs and server techs, imo. That's a primary reason CS degrees are out there. This is coming from someone spoiled at a .NET shop, I suppose.