
Open Source is one person

(opensourcesecurity.io)
433 points LawnGnome | 1 comments
andersmurphy No.45050365
I find it more concerning that the DoD uses node.

I might be wrong but npm etc feels like a very large attack surface.

1. dghlsakjg No.45053066
Why?

The DOD is one of the world's largest organizations. There are people there who do things like publish newsletters and put up webpages for people like boy scouts to arrange to tour bases. It is totally fine to use Node for things like that.

Those systems are not connected to the systems that fire missiles. If the sign up page for the 4th of July fireworks announcement gets vandalized, it isn't really an issue.