POLA Would Have Prevented the Event-Stream Incident
erights at gmail.com
Mon Dec 3 22:19:04 UTC 2018
The npm / event-stream incident is the perfect teaching moment for POLA
(Principle of Least Authority), and for the need to support least authority
by Kate Sills (cc'ed) explains the point. The links at the end of Kate's
article are worth following. In particular:
Securing EcmaScript, presentation to Node Security
my presentation explaining many of these issues *prior to* this particular
At the recent (November 2018) tc39 meeting, I presented on the enhancements
adequate to have prevented this incident.
would be a good place to discuss these issues.