On 18/04/14 11:30, Aymeric Vitte wrote: [...] > - nodejs is easy to audit (assuming that modules like V8 can be > audited), you can override node's functions/objects if you like [...]
Actually, in my mind, that's one point against safety of Node.js applications. Redefining, say, Array.prototype.forEach is a good way to introduce hard-to-track bugs. Doubly so if this is done silently by importing a package (almost sure the latter is possible, but I haven't actually checked). Cheers, David -- David Rajchenbach-Teller, PhD Performance Team, Mozilla
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
