Atmosphere shows aldeed:collection2 as depending on insecure


#1

Hi,

I wanted to try collection2, which seems to be very popular. Something that worries me a little is that it’s depending on the insecure package, which allows mostly all collection-operations on the client (without restriction).

Isn’t this something to worry about? I searched this forum and the github issues, but it seems that this hasn’t come up yet (or at least I did not search well enough).

Regards,
Stephan


#2

If you look at the code here:

It’s actually a weak dependency, so it doesn’t pull in the package.

Perhaps Atmosphere should detect this when listing dependencies. I would suggest filing an issue on Atmosphere: https://github.com/percolatestudio/atmosphere/issues

[Edited the title so that people who just read the title don’t get worried!]


#3

Hi @sashko

Thanks for pointing that out, that’s good to know and very soothing.

Yes, didn’t want to scare anyone, thanks.

Have a nice day!