dwyl / learn-security

:closed_lock_with_key: For most technology projects Security is an "afterthought", it does not have to be that way; let's be proactive!

Backdoored Dependency in Event Stream #50

Open nelsonic opened 5 years ago

nelsonic commented 5 years ago

An example of how security naivety can cause harm:

https://github.com/dominictarr/event-stream/issues/115

https://github.com/dominictarr/event-stream/issues/116

discussion: https://news.ycombinator.com/item?id=18534392

This in a nutshell is why Node.js is a house of cards that cannot be trusted from a security perspective. 💔

Meta/Note: I've opened this issue to hold the basic details of a post on security. ✍️ Sadly, most people don't care about security, they only want to get their current work done, collect their paycheque and get back to their hobbies/socialising/netflix. 😞