Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Especially with minified JS, how would you be sure, that you get a minified version of your actual code and not one, which does something else additionally, which you might not want?

Not saying, that running 700+ apps is better, just noting, that bundling as a service might not be a perfect solution either.



What about bundling in a local VM or docker container?


I believe there could be some malicious code added to the bundle by these dependencies regardless of where it is being run


I was mostly addressing the part regarding malicious dependencies gaining access to your local filesystem.

If we are talking about the final bundle itself being compromised, there is not really a technical solution to that other than not using dependencies.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: