On Dec 18, 2013, at 7:23 AM, Richard Marr <[email protected]> wrote:

> I'm working on an app where security is an issue, and among the (many) things 
> that I'm frothingly paranoid about is the possibility of malicious (or more 
> likely just untested) code somehow getting into our app, even though we're 
> using shrink-wrapped versions. It means we'll have to be much more careful 
> with the way we proxy the npm registry. 

I’d like to know this, as well.  One of the guarantees made by the Maven 
central repository is that artifacts (packages) can check in, but they can 
never check out.  I frankly don’t think NPM provides this type of assurance, 
but it should.  Otherwise the only way an organization can trust packages is to 
run their own repository.

--
Brian Lalor
[email protected]
