Fresh-node: 19.10.1

Krinkle
I've published a new version of Fresh. Fresh is a simple way to create
light and fast isolated contexts in your Terminal. For example, when you
need to run 'npm' commands that install and run code needed for ESLint,
Grunt or Selenium tests.

Get started at https://github.com/wikimedia/fresh

See also:
* https://www.mediawiki.org/wiki/Manual:JavaScript_unit_testing#Getting_started
* https://www.mediawiki.org/wiki/Selenium/Node.js/Target_Local_MediaWiki_(Container)

Background:
Last month I wrote [1] about the risk and dangers involved with running
"npm install" and "npm test" commands as developers. In a nutshell: There
are no built-in protections. At risk are your personal data, web browser
session, and more. Interactions with 'git', 'sudo' or 'ssh' are also easy
to spy on or influence. This is all in addition to the "normal" risk of
packages having undiscovered malicious (or non-malicious) security problems
in indirect dependencies that have never been audited for security by
anyone you'd know or trust. In particular, I think it is important to
understand that npm is different from Debian or PyPI in terms of social
etiquette and curation. More about that at [1].

-- Timo

[1] https://medium.com/@timotijhof/how-to-protect-yourself-from-vulnerable-npm-packages-c03f85249651
_______________________________________________
Wikitech-l mailing list
https://lists.wikimedia.org/mailman/listinfo/wikitech-l