undefined | Better HN

0 pointsskwee3574mo ago0 comments

I’m not a node/js apologist, but every time there is a vulnerability in NPM package, this opinion is voiced.

But in reality it has nothing to do with node/js. It’s just because it’s the most used ecosystem. So I really don’t understand the argument of not using node. Just be mindful of your dependencies and avoid updating every day.

0 comments

Aperocky4mo ago

It has everything to do with node/js. Because the community believes in tiny dependencies that must be updated as often as possible and the tooling reflects that belief.

shortrounddev24mo ago

it's interesting that staying up to date with your dependencies is considered a vulnerability in Node

bichiliad4mo ago

Having a cooldown is different from never updating. I don’t think waiting a few days is a bad security practice in any environment, node or otherwise.

vrighter4mo ago

But only if most of everyone else doesn't do so.

skwee357OP4mo ago

People who live on the edge of updates always risk vulnerabilities and incompatibility issues. It’s not about node, but anything software related.

j / k navigate · click thread line to collapse