
Ask HN: How secure is the JavaScript NPM eco-system? - Blackstone4
I feel like security is a big issue for the JS eco-system. Every app relies on at least 10 if not more modules. Each of those modules then imports a bunch of other modules. You often end up with 100+ modules in node_modules/

Is this as big an issue as I think it is? Who checks the code? I would love to get HNers' view on this.
======
finchisko
>Who checks the code?

This is not specific to NPM. You can ask the same question for any language
repository. And the answer will in most cases be the same.

~~~
Blackstone4
True but with NPM, I feel like the surface area is much larger because of the
number of modules.

If you use Golang, then you'll mostly be using the stdlib plus some libraries.
A much smaller surface area and checking that code becomes more feasible.
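One way to put a number on the "surface area" the post and this reply talk about is to walk the project's lockfile rather than guess. The script below is an added example, not code from anyone in the thread: it reads a package-lock.json in the lockfileVersion 2/3 shape (the `packages` map with `dependencies` and `hasInstallScript` fields that npm writes), follows Node's nested-then-hoisted resolution from the root, counts every transitive package actually reachable, and lists the ones npm would run lifecycle scripts for at install time. The embedded `SAMPLE_LOCK` and all package names in it are constructed for the example.

```javascript
// Added example (not from the thread): measure a project's dependency surface
// area from its package-lock.json (lockfileVersion 2/3 "packages" map).
// SAMPLE_LOCK is constructed for this example; every package name is made up.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "web-framework": "^1.0.0", "left-padder": "^2.0.0" } },
    "node_modules/web-framework": { version: "1.0.0", dependencies: { "http-utils": "^3.0.0", "left-padder": "^1.0.0" } },
    // Nested copy: web-framework pins an older left-padder than the root does.
    "node_modules/web-framework/node_modules/left-padder": { version: "1.4.0" },
    // hasInstallScript is what npm records when a package has (pre/post)install hooks.
    "node_modules/http-utils": { version: "3.2.1", dependencies: { "tiny-parser": "^0.1.0" }, hasInstallScript: true },
    "node_modules/tiny-parser": { version: "0.1.5" },
    "node_modules/left-padder": { version: "2.0.0" },
    // Present in the lockfile but not reachable from the root's prod dependencies.
    "node_modules/dev-only-tool": { version: "9.9.9", dev: true },
  },
};

// Resolve dependency `name` as required from the package at `fromPath`,
// checking the nearest nested node_modules first, then each parent, then root.
function resolveDep(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = dir === "" ? `node_modules/${name}` : `${dir}/node_modules/${name}`;
    if (candidate in packages) return candidate;
    if (dir === "") return null;
    const idx = dir.lastIndexOf("/node_modules/");
    dir = idx === -1 ? "" : dir.slice(0, idx);
  }
}

// Walk the graph from the root entry ("") following only production
// `dependencies`, and report what is actually pulled in.
function surfaceArea(lock) {
  const packages = lock.packages;
  const reached = new Set();      // lockfile paths reached from the root
  const installScripts = [];      // packages that run code during `npm install`
  const unresolved = [];          // edges the lockfile cannot satisfy
  const stack = [""];
  while (stack.length) {
    const path = stack.pop();
    const entry = packages[path];
    for (const name of Object.keys(entry.dependencies || {})) {
      const target = resolveDep(packages, path, name);
      if (target === null) { unresolved.push(`${path || "(root)"} -> ${name}`); continue; }
      if (reached.has(target)) continue;
      reached.add(target);
      if (packages[target].hasInstallScript) installScripts.push(target);
      stack.push(target);
    }
  }
  const allEntries = Object.keys(packages).filter((p) => p !== "");
  return {
    direct: Object.keys(packages[""].dependencies || {}).length,
    transitive: reached.size,                       // includes duplicate versions
    unreachable: allEntries.filter((p) => !reached.has(p)).length,
    installScripts: installScripts.sort(),
    unresolved,
  };
}

console.log(JSON.stringify(surfaceArea(SAMPLE_LOCK), null, 2));
```

On the constructed sample, two direct dependencies expand to five installed packages (two copies of `left-padder`), and one of them runs an install script; those script-running packages are the ones worth reading first when you do decide to check code. To run it on a real project, replace `SAMPLE_LOCK` with the parsed contents of the project's package-lock.json.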

------
wolololo33
Probably no one. It only takes one deranged mind to leave something innocent
in a tiny module.

