Do you take security into consideration when using open source npm components in your applications?

Daniel Parmenvik
3 replies
Using open source npm packages (JavaScript) is what we do when developing awesome web applications. Lately, attacks using vulnerabilities are on the rise and becoming more and more serious. Do you care about securing the dependencies you use in your applications?

- If YES - what tools do you use and is there anything you're missing?
- If NO - why not?

For reference, we just launched our product Bytesafe here on Product Hunt for secure management of open source dependencies and wanted to check the community interest on the topic.

Replies

Jaskiran Kaur
I think we should always consider security, as we are living in the internet. Data is crucial and therefore it is important to protect it. We have heard many times in the news that our data has been leaked by a company on the dark web, etc.
Daniel Parmenvik
@jaskiran_kaur I totally agree with you that security should be something everyone should care about. Yet, we often see that there are so many businesses that use open source code that has known vulnerabilities. Is it because of lack of awareness, no proper tooling, financial restrictions or resources, lack of time or priority? Like you mention - the consequences can often be devastating.
Daniel Parmenvik
Here's a great example of what can happen when you fail to take dependency security seriously: https://bytesafe.dev/posts/case-...