Message from JavaScript discussions
August 2017
— Type safety != security
If there's a security issue it's almost always something along the lines of memory management or parsing
— Typescript won't help you if you run remote content as a local command :)
— Wrong
— Even in js type safety can result in malware exploiting a hole, consider if a pointer is passed to one of the many C++ node modules... if the C++ isn't type safe you have the potential to execute JMP instructions to anywhere in memory
— This literally happened to Microsoft, in their Windows Defender product which also happened to plug JS into C++
— Shipping my module, now will be on npm :D
— Type safety does not do shit when you are passing pointers between languages...
— Type safety means you don't pass a pointer unless you want to
— Lack of type safety means a pointer can be passed regardless
— And?
— Do you have any specific question about it?