
I believe there could be some malicious code added to the bundle by these dependencies regardless of where it is being run.


I was mostly addressing the part regarding malicious dependencies gaining access to your local filesystem.

If we are talking about the final bundle itself being compromised, there is not really a technical solution to that other than not using dependencies.



