Replying to @c089

@c089
@dan_abramov If a "security" feature lets me
install a backdoor it is broken. The registry should not distribute malicious
code in the first place (and that's what they do, they remove those packages).
The point here is that we can install packages which might have a security
implication.

Sat, 13 Jul 2019 08:18:45 UTC

Replying to @coderbyheart

@c089
@dan_abramov And the package manager has no
way of telling how the code is actually used.

There I think we can have the developer "mute" specific vulnerabilities, like
you can do for linting.

If you look at the current warnings, a rough separation between dev and non-dev
will reduce noise.
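The two suggestions in that reply, a developer-maintained "mute" list for specific advisories and a split between findings that reach production code and dev-only ones, can be scripted over `npm audit --json` output. The following is an added example, not code from the thread or from npm: it assumes the npm 6 report shape, where `advisories` is keyed by advisory id and each finding carries a `dev` flag for devDependency paths. The sample report, the package names and the mute file are constructed for illustration.

```javascript
// Added example (not from the thread): triage an npm audit report by
// (a) separating advisories that reach production code from dev-only ones and
// (b) applying a developer-maintained "mute" list, analogous to eslint-disable.
// Assumption: npm 6 "npm audit --json" shape, where advisories[id].findings[].dev
// is true when the affected path is only reachable through devDependencies.
'use strict';

// Constructed sample report; package names and ids are placeholders.
const sampleAudit = {
  advisories: {
    '1001': {
      id: 1001,
      module_name: 'example-utility',
      severity: 'high',
      title: 'Prototype Pollution',
      findings: [{ version: '4.17.10', paths: ['app>example-utility'], dev: false }],
    },
    '1002': {
      id: 1002,
      module_name: 'example-test-runner',
      severity: 'moderate',
      title: 'Regular Expression Denial of Service',
      findings: [{ version: '1.0.0', paths: ['example-test-runner'], dev: true }],
    },
    '1003': {
      id: 1003,
      module_name: 'example-bundler',
      severity: 'low',
      title: 'Uncontrolled resource consumption',
      findings: [{ version: '2.0.0', paths: ['example-bundler'], dev: true }],
    },
  },
};

// Hypothetical mute file checked into the repo, like a lint config.
// Each entry records a reason and an expiry date, so a mute is a reviewed,
// time-limited decision rather than a permanent silence.
const muteList = [
  { id: 1003, reason: 'dev-only bundler; never fed untrusted input', expires: '2019-12-31' },
];

// ISO dates compare correctly as strings, so an expired mute stops applying.
function isMuted(advisory, mutes, today) {
  return mutes.some((m) => m.id === advisory.id && m.expires >= today);
}

// Sort advisories into three buckets: reaches production, dev-only, muted.
function triageAudit(report, mutes, today) {
  const result = { production: [], devOnly: [], muted: [] };
  for (const adv of Object.values(report.advisories)) {
    if (isMuted(adv, mutes, today)) {
      result.muted.push(adv.id);
      continue;
    }
    // One non-dev finding is enough to treat the advisory as production-relevant.
    const reachesProd = adv.findings.some((f) => !f.dev);
    (reachesProd ? result.production : result.devOnly).push(adv.id);
  }
  return result;
}

// Only unmuted advisories reaching production should fail a CI gate.
function exitCodeFor(triage) {
  return triage.production.length > 0 ? 1 : 0;
}

const triage = triageAudit(sampleAudit, muteList, '2019-07-13');
console.log(JSON.stringify(triage, null, 2));
console.log('suggested exit code:', exitCodeFor(triage));
```

With the constructed report, advisory 1001 is the only one that reaches production code, 1002 is dev-only noise, and 1003 is muted until its expiry; after that date it falls back into the dev-only bucket instead of staying silent, which is the behaviour a reviewed mute list should have.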