You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In light of the node-ipc malware, I am now worried about what code packages may secretly inject into my software. Of course there is always some element of trust required with module dependencies, but at the same time, no one has time to review every single update to every single module they use in their project to make sure nothing malicious has occurred.
Recommend a go.mod or similar file that allows defining if network and/or file access is permitted.
The text was updated successfully, but these errors were encountered:
OS has offer "file permission" as for the node-ipc incident is what you WILL get by using dymanic language.
It's unlikely happend around Go ecosystem since most of Go programe/module are distributed by source code and you have to compile them by yourself.
Unlike other projects, we do not use the issue tracker for questions such as these. It is only used for bugs and feature proposals. I will close this issue and please visit https://github.com/golang/go/wiki/Questions.
In light of the node-ipc malware, I am now worried about what code packages may secretly inject into my software. Of course there is always some element of trust required with module dependencies, but at the same time, no one has time to review every single update to every single module they use in their project to make sure nothing malicious has occurred.
Recommend a go.mod or similar file that allows defining if network and/or file access is permitted.
The text was updated successfully, but these errors were encountered: