Message from JavaScript discussions

August 2017

— Type safety != security


If there's a security issue it's almost always something along the lines of memory management or parsing

— Typescript won't help you if you run remote content as a local command :)

— Wrong

— Even in js type safety can result in malware exploiting a hole, consider if a pointer is passed to one of the many C++ node modules... if the C++ isn't type safe you have the potential to execute JMP instructions to anywhere in memory

Message permanent page

— This literally happened to Microsoft, in their Windows Defender product which also happened to plug JS into C++

Message permanent page

— Shipping my module, now will be on npm :D

— Type safety does not do shit when you are passing pointers between languages...

— Type safety means you don't pass a pointer unless you want to

— Lack of type safety means a pointer can be passed regardless

— And?

— Do you have any specific question about it?