If you afraid of "direct" downloading and executing some of that code, then what... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		batmansmk on May 14, 2020 \| parent \| context \| favorite \| on: Deno 1.0 If you afraid of "direct" downloading and executing some of that code, then what do you think happen when you npm install/pip install a package? I'm very interested if you can expose a new attack vector that didn't exist with the previous solutions.

mirekrusin on May 14, 2020 [–]

You can generate modules on the fly on the server, that require next generated module recursively blowing up your disk space. If deno stores those files uncompressed, you can generate module full of comments/zeros so it compresses very well for attacker and eats a lot of space on consumer side.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact