I do not want my code to have this sort of thing: https://www.google.com.au/search?q=malicious+npm+package
Doing all this is too brittle and not repeatable enough: https://www.twilio.com/blog/2017/08/find-projects-infected-by-malicious-npm-packages.html
Presumably there is a lot of work to be done for this package to know all current security issues and analyze packages to find them, but that's where the opportunity is.
As a developer, I don't want to be using malicious components; I would rather buy some antivirus-type package and scan my application or source code or something.
I will pay money to buy this service/application.