Concerns: many dependencies outdated and unmaintained. #384
Comments
|
I agree. I think this whole cloud could be much better, if we either put more energy into patching security topics. My proposal some year ago was to re-vitalize and set this platform properly up with a much better modularization and cloud native ways. Unfortunately this was not going forward. As everybody has much to do and other works. I would still open to re-do this cloud platform with newer stack anf cloudnative ways, making things more secure and scalable. BR Mehmet |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
When I looked through the nodejs code I found a lot of security issues regarding outdated binaries unmaintained dependencies.
one example is ejs dependency that has been dead for years it could probobly be replaced with something like pugjs (former known as jade)
But I think it's time to stop patching to get it working, instead think of building a newer more secure platform.
The aim for the platform should be to use things that are known to be maintained (please no single maintainer) and secure, this system is reachable from the whole internet so it's not good to have it slack on security issues like it does now.
The text was updated successfully, but these errors were encountered: