JavaScript: Difference between revisions

Ehaugsjaa (talk | contribs)
Misplaced trust in developers: “it” is not plural
 
=== Misplaced trust in developers ===
Package management systems such as [[Npm (software)|npm]] and [[Bower (software)|Bower]] are popular with JavaScript developers. Such systems allow a developer to easily manage their program's dependencies upon other developers' program libraries. Developers trust that the maintainers of the libraries will keep them secure and up to date, but that is not always the case. A vulnerability has emerged because of this blind trust. Relied-upon libraries can release an update that causes bugs or vulnerabilities to appear in all programs that rely upon the library. Conversely, a library can go unpatched with known vulnerabilities out in the wild. In a study of a sample of 133k websites, researchers found that 37% of the websites included a library with at least one known vulnerability.<ref name="jslibs">{{cite journal
| title = Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web
| date = 2016-12-21