About new NodeJS requirement
Posted: Sat May 07, 2022 2:16 am
Just noticed https://github.com/hackademix/nscl/issu ... 1117519022, and that the commit referenced there introduces a NodeJS requirement in the build process.
1) What is the exact NodeJS requirement? Is there a minimum supported version?
Does the build process also require something to be installed through npm and/or yarn? Or will it work with only NodeJS itself without any package manager?
Could the details of the NodeJS requirement please be documented in nscl readme?
2) Is it just me, or is requiring NodeJS somewhat ironic for a security tool? Due to concerns about malware written for NodeJS (especially malware written for npm), I don't have NodeJS on my primary machine. I only use NodeJS in disposable, AppArmor-contained VM.
On the other hand, none of my concern is about NodeJS itself. And it seems highly unlikely Giorgio would require NodeJS (not just for NoScript, but for all nscl extensions) if he saw the level of potential security risk I've thought there is.
Should I be re-evaluating my take on NodeJS in light of this? Has something changed since I decided some years back to actively avoid installing NodeJS on my primary system?
Or would I best just move building my nscl-using extensions to a VM?
1) What is the exact NodeJS requirement? Is there a minimum supported version?
Does the build process also require something to be installed through npm and/or yarn? Or will it work with only NodeJS itself without any package manager?
Could the details of the NodeJS requirement please be documented in nscl readme?
2) Is it just me, or is requiring NodeJS somewhat ironic for a security tool? Due to concerns about malware written for NodeJS (especially malware written for npm), I don't have NodeJS on my primary machine. I only use NodeJS in disposable, AppArmor-contained VM.
On the other hand, none of my concern is about NodeJS itself. And it seems highly unlikely Giorgio would require NodeJS (not just for NoScript, but for all nscl extensions) if he saw the level of potential security risk I've thought there is.
Should I be re-evaluating my take on NodeJS in light of this? Has something changed since I decided some years back to actively avoid installing NodeJS on my primary system?
Or would I best just move building my nscl-using extensions to a VM?