
Deno 2.4

(deno.com)
132 points by hackandthink | 1 comment
eranation No.44488684
I believe the reason Deno is not more widely used in production environments is the lack of a standardized vulnerability database (other than using 100% npm compatibility which will take many popular deno packages out of scope). The issue is that there is no real centralized package manager (by design) which makes it challenging. Was there any development in that direction?
replies(2): >>44489094 >>44492946
1. TheDong No.44489094
> I believe the reason Deno is not more widely used in production environments is the lack of a standardized vulnerability database

If this were a real blocker, then C/C++ wouldn't be used in production either, since both just lean on the language-agnostic CVE/GHSA/etc databases for any relevant vulnerabilities there... and C also heavily encourages just vendoring in entire files from the internet with no way to track down versions.

Anyway, doesn't "deno.lock" exist, and anyone who cares can opt-in to that, and use the versions in there to check vulnerability databases?
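The workflow TheDong sketches (take the versions pinned in deno.lock and look them up in a vulnerability database) can be shown end to end. The following is an added example written for this page, not code from the thread or from the Deno project. It assumes the deno.lock v4 layout (top-level "specifiers", "npm" and "jsr" maps keyed by name@version); the lockfile, package names, integrity hashes and advisory ids are constructed placeholders, and the advisories follow the OSV "introduced"/"fixed" event semantics rather than any real feed.

```typescript
// Added example: audit the packages pinned in a deno.lock against
// OSV-style advisories. Lockfile shape assumed: deno.lock v4.

interface Advisory {
  id: string;               // placeholder id, not a real advisory
  ecosystem: "npm" | "jsr";
  name: string;
  introduced: string;       // first affected version
  fixed?: string;           // first fixed version (absent = unfixed)
}

interface Package { ecosystem: string; name: string; version: string }
interface Finding extends Package { advisory: string }

// Constructed deno.lock in the v4 layout; hashes are placeholders.
const SAMPLE_LOCK = `{
  "version": "4",
  "specifiers": {
    "npm:example-http@^1": "1.4.2",
    "npm:example-left@*": "0.9.0",
    "jsr:@example/path@^1": "1.0.8"
  },
  "npm": {
    "example-http@1.4.2": { "integrity": "sha512-PLACEHOLDER" },
    "example-left@0.9.0": { "integrity": "sha512-PLACEHOLDER" }
  },
  "jsr": {
    "@example/path@1.0.8": { "integrity": "PLACEHOLDER" }
  }
}`;

// Constructed advisories; none of these describe a real vulnerability.
const SAMPLE_ADVISORIES: Advisory[] = [
  { id: "EXAMPLE-0001", ecosystem: "npm", name: "example-http", introduced: "1.0.0", fixed: "1.5.0" },
  { id: "EXAMPLE-0002", ecosystem: "npm", name: "example-left", introduced: "0.8.0", fixed: "0.9.0" },
  { id: "EXAMPLE-0003", ecosystem: "jsr", name: "@example/path", introduced: "1.0.0", fixed: "1.0.5" },
];

// Split "name@version" at the LAST "@" so scoped names like
// "@example/path@1.0.8" keep their leading "@".
function splitPinned(key: string): [string, string] {
  const at = key.lastIndexOf("@");
  return [key.slice(0, at), key.slice(at + 1)];
}

// Resolved (ecosystem, name, version) triples from the lockfile's npm/jsr maps.
function lockedPackages(lockText: string): Package[] {
  const lock = JSON.parse(lockText);
  const out: Package[] = [];
  for (const eco of ["npm", "jsr"] as const) {
    for (const key of Object.keys(lock[eco] ?? {})) {
      const [name, version] = splitPinned(key);
      out.push({ ecosystem: eco, name, version });
    }
  }
  return out;
}

// Numeric dotted-version comparison; pre-release suffixes are dropped
// for brevity, so "1.10.0" correctly sorts above "1.9.9".
function compareVersions(a: string, b: string): number {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return d;
  }
  return 0;
}

// OSV semantics: affected when introduced <= v and (no fix or v < fixed).
function isAffected(version: string, adv: Advisory): boolean {
  if (compareVersions(version, adv.introduced) < 0) return false;
  return adv.fixed === undefined || compareVersions(version, adv.fixed) < 0;
}

// Cross the pinned packages with the advisory list and report matches.
function audit(lockText: string, advisories: Advisory[]): Finding[] {
  const findings: Finding[] = [];
  for (const pkg of lockedPackages(lockText)) {
    for (const adv of advisories) {
      if (adv.ecosystem === pkg.ecosystem && adv.name === pkg.name && isAffected(pkg.version, adv)) {
        findings.push({ ...pkg, advisory: adv.id });
      }
    }
  }
  return findings;
}

// With the constructed data only example-http@1.4.2 is flagged: example-left
// sits exactly at its fixed version and @example/path is past its fix.
console.log(JSON.stringify(audit(SAMPLE_LOCK, SAMPLE_ADVISORIES), null, 2));
```

Two details matter in practice: the lockfile records resolved versions, not the `^`/`*` ranges in the specifiers map, so the lookup is exact; and the "fixed" boundary is exclusive, so a package pinned at precisely the fixed version is clean. A real run would replace SAMPLE_ADVISORIES with records fetched per ecosystem from a database such as OSV or the GitHub advisory feed.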