
In this case the application also tries to auto-install dependencies, so making it read-only removes one of the stated features.

I think this framework hasn't been written with security in mind at all.




Whatever it's doing, it's not writing the packages into the application directory.


If it can write to the application's dependencies, isn't that as good as writing to the application?



