undefined | Better HN

0 pointspraseodym7y ago0 comments

From a security standpoint, the attack surface of Node.js and whatever libraries are used to make `npm start` happen is a lot larger than plain Nginx.

From a general usability standpoint, a Node.js container with all build dependencies will surely turn into a bloated several hundred megabyte Docker image — an Nginx image with just the built static files is a lot smaller.

0 comments

2 comments · 1 top-level

shishy7y ago· 1 in thread

I understand you're comparing NodeJS vs Nginx there, but for my curiosity, if someone is building an API, how do you think NodeJS would compare to Ruby on Rails or Python/Django from a security standpoint?

praseodymOP7y ago

I don’t think either language is fundamentally more secure than the other.

That being said, the Node.js ecosystem feels more immature than Python’s. The common practice of using microdependencies means that an average project has countless dependencies with varying levels of support — it’s all but impossible to make sure every one of those dependencies is properly maintained.

The framework/library churn rate seems to have decreased though, so that’s certainly good from a security standpoint as well.

j / k navigate · click thread line to collapse