But here you do not have necessarly to import things and/or libraries, you can package everything with your app so you control your package and nothing can come from the outside or be injected.
Node is not an enormous platform with tons of dependencies, easy to check. My opinion... You should bring node to FF OS :-) Regards Aymeric Le 18/04/2014 11:34, David Rajchenbach-Teller a écrit :
On 18/04/14 11:30, Aymeric Vitte wrote: [...]- nodejs is easy to audit (assuming that modules like V8 can be audited), you can override node's functions/objects if you like[...] Actually, in my mind, that's one point against safety of Node.js applications. Redefining, say, Array.prototype.forEach is a good way to introduce hard-to-track bugs. Doubly so if this is done silently by importing a package (almost sure the latter is possible, but I haven't actually checked). Cheers, David
-- Peersm : http://www.peersm.com node-Tor : https://www.github.com/Ayms/node-Tor GitHub : https://www.github.com/Ayms -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk