151
NoJS
7y

Boss : How do you access code at home ?

Me : Well, Git is fairly accessible from anywhere with the right credentials at hand

Boss : What of you have virus in your system ? Can't the virus infect our NodeJS code ?

Since then, I haven't been able to get out of the mental comatose induced.

Comments
  • 12
    Even though he isnt aware of it he has a point. I have several git-projects whose upstream is secured via keyfile. There are no passwords on those keys, a simple git push can upload changes. If you have a simple branch-system and the virus is sneaky enough this could work (e.g. add your malicious npm module to node projects)

    Now i want to see a virus that exploits this ^^"
  • 2
    They’re probably looking at from a different angle but there is an argument to be made. If, for example, malicious code is added to your codebase and you unknowingly push it upstream, there could be potential issues. On websites if I link to a third party JS file, and their files got like coinhive pushed into it through set for process then potentially it could infect users through my site. Probably explained my thoughts like crap so sorry about that
  • 1
    He is actually right. If you tell him that you have password protected push rights (ssh based) then okay otherwise it is a big worry for you.
  • 1
    For a moment I thought he is comparing Nodejs to NOD32😂
Add Comment