nodejs-private/security membership review?
This WG has a policy around membership in @nodejs-private/security, but the membership of that group does not correspond to policy if I’m not mistaken. Is this something that should be escalated to the TSC to deal with? Or is that policy merely a recommendation and not binding? Or does the policy need updating to reflect practice? Or something else?
Issue Analytics
- Created 5 years ago
- Comments: 19 (19 by maintainers)
I believe we keep @nodejs/security around as a mirror of @nodejs-private/security so that people who don’t have access to @nodejs-security can ping the team.

Michael, it’s probably worth discussing, but if you want that policy change, I’d ask that you open a separate issue. I have concerns (but am not necessarily opposed) in that the Build WG has some folks on it that have been inactive for a long time and that should not IMO have access to the private repos. But I defer to the Security WG on it.
I’ll take this to TSC email and then hopefully make the change and then we can close this issue.