It sucks that #SkyPack didn't catch on.

https://docs.skypack.dev/

#webDev #javaScript #js #web #esm #modules #esmodules #packageManagement #programming #cdn #deno #node #npm

Finally found the time to open a discussion on the Snowpack forums about the lack of subresource integrity (SRI) in Skypack: https://github.com/snowpackjs/snowpack/discussions/2569

(Background: my post from the end of last year titled Skypack: backdoor as a Service? https://ar.al/2020/12/30/skypack-backdoor-as-a-service/)

#skypack #snowpack #SubresourceIntegrity #SRI #security #privacy

“If I were In-Q-Tel right now, I’d be drooling as I wrote a check with lots of zeros in it for the Skypack folks because widespread use of Skypack would be any national security agency’s wet dream. Imagine being able to inject any code into any web application at any time to obtain login credentials, etc.

This isn’t even a backdoor. This is a wide open frontdoor. It’s basically Backdoor as a Service.”

https://ar.al/2020/12/30/skypack-backdoor-as-a-service/

#skypack #snowpack #cdn #security #privacy