uWebSockets.js is not an npm-based package and is vulnerable to a dependency confusion attack. This is being flagged during security audits. https://unetworkingab.medium.com/beware-of-tin-foil-hattery-f738b620468c This article has some back story.
Answered by
enisdenjo
Nov 19, 2024
I know about that old article and the uWS author explains there why NPM is not for him. I respect his choice. Furthermore, uWS is an optional peer dependency and as such does not pose a security threat from within the package.
Answer selected by
enisdenjo
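
An added example, not code from this discussion or from either project: a small Node.js check an auditor could run over manifests to see the two facts the thread turns on, namely whether a library declares a package only as an optional peer, and whether the application's own manifest fetches a dependency from a git source rather than by name from a registry. The manifests, the names `example-ws-library` and `example-app`, the version ranges and the `<pinned-tag>` ref are constructed assumptions.

```javascript
// Added example. Both manifests below are constructed samples, not real projects' files.

// Classify an npm dependency specifier by where the package would be fetched from.
function classifySpec(spec) {
  if (/^(git(\+(ssh|https?|file))?:|github:|gitlab:|bitbucket:|gist:)/.test(spec)) return "git";
  if (/^https?:\/\//.test(spec)) return "tarball-url";
  if (/^(file:|~?\/|\.\.?\/)/.test(spec)) return "local";
  if (/^[\w.-]+\/[\w.-]+(#.+)?$/.test(spec)) return "git"; // owner/repo GitHub shorthand
  return "registry"; // semver range, dist-tag or npm: alias, all resolved by name
}

// Library side: list declared peers and whether each is marked optional.
function auditPeers(manifest) {
  const meta = manifest.peerDependenciesMeta || {};
  return Object.keys(manifest.peerDependencies || {}).map((name) => ({
    name,
    optional: Boolean(meta[name] && meta[name].optional),
  }));
}

// Application side: direct dependencies that are not resolved by name from a registry.
function nonRegistryDeps(manifest) {
  const found = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      const source = classifySpec(spec);
      if (source !== "registry") found.push({ field, name, spec, source });
    }
  }
  return found;
}

// Constructed library manifest: uWebSockets.js declared only as an optional peer.
const libraryManifest = {
  name: "example-ws-library",
  dependencies: {},
  peerDependencies: { "uWebSockets.js": "^20", ws: "^8" },
  peerDependenciesMeta: { "uWebSockets.js": { optional: true }, ws: { optional: true } },
};

// Constructed application manifest; <pinned-tag> is a placeholder, not a real ref.
const appManifest = {
  name: "example-app",
  dependencies: {
    "example-ws-library": "^1.0.0",
    "uWebSockets.js": "github:uNetworking/uWebSockets.js#<pinned-tag>",
  },
};

console.log(auditPeers(libraryManifest));
console.log(nonRegistryDeps(appManifest));
```
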