Yesterday I published a short blog post where I showcase how to make HTTPS requests through HTTP proxies in NodeJS without using any non-native dependencies: antoinevastel.com/nodejs/2022/02 (1/5)
The main purpose of this blog post, besides the learning aspects, was to try to rely less on external dependencies to do simple tasks in NodeJS.
Indeed, in the last few years, there has been an increasing number of compromised NPM packages that led to supply chain attacks. (2/5)
This morning I came across this HN thread: news.ycombinator.com/item?id=304038 where a researcher shows how he could have compromised the Angular NPM package using expired publisher email domains. (3/5)
It's just a coincidence, but it reinforces my conviction that we need to rely less on external NPM dependencies, particularly for simple tasks that could/should be easily coded using native modules. (4/5)
Of course, that's not always possible. Using external dependencies enables developers to speed up their development speed, but this comes with a cost: security, particularly when your project starts to rely on thousands of external dependencies. (5/5)
