On 18/04/14 11:30, Aymeric Vitte wrote: [...] > - nodejs is easy to audit (assuming that modules like V8 can be > audited), you can override node's functions/objects if you like [...]
Actually, in my mind, that's one point against safety of Node.js applications. Redefining, say, Array.prototype.forEach is a good way to introduce hard-to-track bugs. Doubly so if this is done silently by importing a package (almost sure the latter is possible, but I haven't actually checked). Cheers, David -- David Rajchenbach-Teller, PhD Performance Team, Mozilla -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
