Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Log4shell is pretty bad because any informed amateur hacker can pull it off. On the other hand, in 7th grade I took down my high school's server with SQL injection and it wasn't me because I was the first to think of it but rather because I was the first to find the vulnerability before thinking about the consequences.
-
@Voxera to be honest there's nothing critical about this project since it's something personal I'm building.
I'm sure it grew because the dependencies have exposures. It's just crazy to me that it jumped from 7 to 11+2.
I rolled the "fix" back and moved on with my night.
For me to actually fix it would probably take me longer than the time I'm willing to spend to make it work with the latest libraries. I say this because I'm sure that it wouldn't remove any of the existing vulnerabilities and would only waste my time.
It's definitely made me rethink using npm in any future frontend projects in the future but choices are clearly limited. -
@sariel The only winning move is not to play
This never gets old...
Found this in our codebase, apparently one of my co-workers had written this
No other language can do something as fucky as javascript.
"7 high severity vulnerabilities"
$> npm audit fix --force
"13 vulnerabilities (11 high, 2 critical)"
How is this fixed?!
It will be a great day when JS finally prolapses under the weight of its own hubris.
rant
javascript
wtf
not fixed