I tried to see why WordPress (PHP) keeps getting vulnerable with modules that often overlook their responsibility. I thought modules for both NodeJS and Meteor are pretty easy to develop and can still get into complexity. I was reading a blog on security and wasn't aware of this unheard-of vulnerability scanner for NodeJS; it's still young and so simple to test! Surprise, googling didn't list Snyk.
Are you serious about security and code quality for all modules for NodeJS and Meteor? I'd love to see them support Meteor and modules, and this should give Meteor a predictable and bright future!
Please, the community needs to make 2016 a better year or outdo itself with these capabilities for projects of all sizes; some small startups are holding back from adopting Meteor because they can't support them efficiently. Be proactive in security.
That’s an excellent article. I agree with everything he says. Every Meteor developer and especially MDG should read it too.
Here’s a notable quote:
For us to have a shot at making the web secure, we must bring security
into the core. We need to give it no less attention than that we give
browser compatibility, mobile design or web page load times. More
broadly, we should see security as an aspect of quality, expecting both
ourselves and our peers to address it, and taking pride when we do it
well.
This is the same sentiment that I expressed recently in "Security not a priority?". As I had mentioned there, security should be one of the core principles of Meteor and MDG and promoted / marketed as such. Every Meteor developer (especially package developers), with MDG taking the lead, needs to raise their level of security consciousness.