JavaScript: Difference between revisions

Misplaced trust in developers: “it” is not plural
Tags: Mobile edit Mobile web edit
Misplaced trust in developers: “library” is not plural; hyphen missing from compound modifier
Tags: Mobile edit Mobile web edit
Line 490:
 
=== Misplaced trust in developers ===
Package management systems such as [[Npm (software)|npm]] and [[Bower (software)|Bower]] are popular with JavaScript developers. Such systems allow a developer to easily manage their program's dependencies upon other developer's program libraries. Developers trust that the maintainers of the libraries will keep them secure and up to date, but that is not always the case. A vulnerability has emerged because of this blind trust. Relied-upon libraries can have new releases that cause bugs or vulnerabilities to appear in all programs that rely upon the libraries. Inversely, a library can go unpatched with known vulnerabilities out in the wild. In a study done looking over a sample of 133k websites, researchers found 37% of the websites included a library with at-least one known vulnerability.<ref name="jslibs">{{cite journal
| title = Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web
| date = 2016-12-21