On 2/28/18 5:23 PM, Nicholas Alexander wrote:
> Hello dev-platform,
> For the reasons outlined at
> https://docs.google.com/document/d/1tOA2aeyjT93OoMv5tUMhAPOkf4rF_IJIHCAoJlwmDHI/edit?usp=sharing,

It would be good to document the security implications of this approach.
By using Node we will probably inherit a large number of third-party
dependencies. Although we could use a service such as the Node Security
Platform [1] to determine the security status of these dependencies,
regular monitoring and upgrading will be needed to ensure that we do not
introduce vulnerabilities into our build process.

Thanks for listening. :-)


[1] https://nodesecurity.io/

Attachment: signature.asc
Description: OpenPGP digital signature

dev-builds mailing list

Reply via email to