sjacorg / bayanat

Open source data management solution for human rights documentation.
https://bayanat.org/
GNU Affero General Public License v3.0

package.json for the frontend side of the project is not provided. #7

Closed oussjarrousse closed 3 years ago

oussjarrousse commented 3 years ago

There is no package.json to make sure all versions are vulnerability-free or up to date, which raises security concerns.

Also, the .js packages are minified and uglified, which makes it really hard to debug, and it also makes it hard to tell whether any changes were made to the original packages, raising security concerns due to lack of transparency.

You should provide the means for users to be able to download the packages from the original repository and to be able to pack them if they want. Otherwise, security concerns due to lack of transparency will be raised.

ghost commented 3 years ago

Thanks for reporting this. The file has been added back to the repo.