This in a nutshell is why Node.js is a house of cards that cannot be trusted from a security perspective. 💔
Meta/Note: I've opened this issue to hold the basic details of a post on security. ✍️
Sadly, most people don't care about security, they only want to get their current work done, collect their paycheque and get back to their hobbies/socialising/netflix. 😞
An example of how security naivety can cause harm:
https://github.com/dominictarr/event-stream/issues/115![image](https://user-images.githubusercontent.com/194400/49072294-d3735f00-f227-11e8-9ec3-5f82974b182e.png)
https://github.com/dominictarr/event-stream/issues/116![image](https://user-images.githubusercontent.com/194400/49096084-b196ce00-f261-11e8-89b3-024f17a0a43b.png)
discussion: https://news.ycombinator.com/item?id=18534392
This in a nutshell is why Node.js is a house of cards that cannot be trusted from a security perspective. 💔