Ask HN: How secure is the JavaScript NPM eco-system?
4 points by Blackstone4 on May 23, 2018 | hide | past | favorite | 3 comments
I feel like security is a big issue for the JS eco-system. Every app relies on at least 10 if not more modules. Each of those modules then imports a bunch of other modules. You often end up with 100+ modules in node_modules/

Is this as big an issue as I think it is? Who checks the code? I would love to get HNers view on this.
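An added example (not part of the thread) that puts a number on the "surface area" the poster describes: it walks a constructed package-lock.json v3 `packages` map and reports direct vs. transitive package counts, the longest dependency chain, and the package most other packages import. The lockfile contents and package names are made up, and it assumes a deduplicated install where every dependency resolves to `node_modules/<name>`.

```javascript
// Added example (not from the thread): count what a project really pulls in.
// Input is shaped like the "packages" map of an npm package-lock.json v3.
// Assumption: a deduplicated install, so every dependency resolves to
// node_modules/<name>; real lockfiles may nest node_modules for conflicts.

// Constructed sample lockfile; package names are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "web-framework": "^1.0.0", logger: "^2.0.0" } },
    "node_modules/web-framework": { version: "1.0.0", dependencies: { "http-utils": "^3.0.0", parser: "^1.0.0" } },
    "node_modules/logger": { version: "2.0.0", dependencies: { colors: "^1.0.0" } },
    "node_modules/http-utils": { version: "3.0.0", dependencies: { "tiny-helper": "^0.1.0" } },
    "node_modules/parser": { version: "1.0.0", dependencies: { "tiny-helper": "^0.1.0" } },
    "node_modules/colors": { version: "1.0.0" },
    "node_modules/tiny-helper": { version: "0.1.0" },
  },
};

// Breadth-first walk from the root's direct dependencies.
// Returns counts, the longest dependency chain, and which package is imported
// by the most others, so a tiny leaf that everything relies on stands out.
function dependencyReport(lock) {
  const direct = Object.keys((lock.packages[""] || {}).dependencies || {});
  const depth = new Map();        // name -> shortest distance from the root
  const dependents = new Map();   // name -> Set of packages that import it
  const queue = direct.map((name) => [name, 1, "<root>"]);
  while (queue.length) {
    const [name, d, from] = queue.shift();
    if (!dependents.has(name)) dependents.set(name, new Set());
    dependents.get(name).add(from);
    if (depth.has(name)) continue;  // already expanded; also breaks cycles
    depth.set(name, d);
    const entry = lock.packages[`node_modules/${name}`];
    if (!entry) continue;           // not in the lockfile: inconsistent lock, skip
    for (const dep of Object.keys(entry.dependencies || {})) {
      queue.push([dep, d + 1, name]);
    }
  }
  const top = [...dependents.entries()]
    .sort((a, b) => b[1].size - a[1].size || a[0].localeCompare(b[0]))[0];
  return {
    direct: direct.length,
    total: depth.size,
    maxDepth: Math.max(0, ...depth.values()),
    mostDependedOn: top ? [top[0], top[1].size] : null,
  };
}

console.log(dependencyReport(SAMPLE_LOCK));
```

Point it at a real lockfile by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json"))`; the "total" figure is the code that someone would have to check.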




>Who checks the code?

This is not specific to NPM. You can ask the same question for any language repository. And the answer will in most cases be the same.


True but with NPM, I feel like the surface area is much larger because of the number of modules.

If you use Golang, then you'll mostly be using the stdlib plus some libraries. A much smaller surface area and checking that code becomes more feasible.


Probably no one. It only takes one deranged mind to leave something innocent in a tiny module.



