dmose/mc-nodejs-docs issues and pull requests

#22 - should we automatically look for out-of-date packages & files bugs & have some policy?

Issue - State: open - Opened by dmose over 5 years ago

#21 - add link to node-sec-roadmap as a reference

Issue - State: open - Opened by dmose over 5 years ago - 1 comment

#20 - draft process to trigger automatic upgrade of Node when old version is obsolete

Issue - State: open - Opened by dmose over 5 years ago

#19 - document upgrading NodeJS

Issue - State: open - Opened by dmose over 5 years ago

#18 - add policy wording around using oldest LTS version of Node

Issue - State: open - Opened by dmose over 5 years ago

#17 - Adding a hard-stop req. for unlicensed modules.

Pull Request - State: closed - Opened by mhoye over 5 years ago

#16 - licensing runbook is not publically available outside of Mozilla

Issue - State: open - Opened by froydnj over 5 years ago - 1 comment

#15 - Should we keep a top-level list of "allowed" packages

Issue - State: open - Opened by dmose over 5 years ago - 2 comments

#14 - Be explicit that right now we're just talking about the top-level nod…

Pull Request - State: closed - Opened by dmose over 5 years ago

#13 - describe what parts of mozilla-central these policies will and won't apply to

Issue - State: closed - Opened by dmose over 5 years ago

#12 - How do we prevent broadly used packages from bit-rotting?

Issue - State: open - Opened by dmose over 5 years ago - 3 comments

#11 - do we need to call out sandboxing in these policy docs?

Issue - State: open - Opened by dmose over 5 years ago - 2 comments

#10 - handling updating old, stale-API packages with sec issues

Issue - State: open - Opened by dmose over 5 years ago - 1 comment

#9 - what about undefined --ignore-scripts behavior?

Issue - State: open - Opened by dmose over 5 years ago - 1 comment

#8 - propose specific actions around vulnerabilities in policy

Issue - State: open - Opened by dmose over 5 years ago - 3 comments

#7 - Add goals section

Pull Request - State: closed - Opened by dmose over 5 years ago

#6 - Missing goals

Issue - State: closed - Opened by joewalker over 5 years ago - 2 comments

#5 - Add 'to ensure that' to clarify statement

Pull Request - State: closed - Opened by tomrittervg over 5 years ago

#4 - Reduce save options

Pull Request - State: closed - Opened by Mossop over 5 years ago - 3 comments

#3 - Policy selection move

Pull Request - State: closed - Opened by dmose over 5 years ago

#2 - Merge in threat models

Pull Request - State: closed - Opened by Mossop over 5 years ago

#1 - Propose explicit `vendor` and `lint` relationship

Pull Request - State: closed - Opened by dmose over 5 years ago

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Issues

GitHub / dmose/mc-nodejs-docs issues and pull requests

#22 - should we automatically look for out-of-date packages & files bugs & have some policy?

#21 - add link to node-sec-roadmap as a reference

#20 - draft process to trigger automatic upgrade of Node when old version is obsolete

#19 - document upgrading NodeJS

#18 - add policy wording around using oldest LTS version of Node

#17 - Adding a hard-stop req. for unlicensed modules.

#16 - licensing runbook is not publically available outside of Mozilla

#15 - Should we keep a top-level list of "allowed" packages

#14 - Be explicit that right now we're just talking about the top-level nod…

#13 - describe what parts of mozilla-central these policies will and won't apply to

#12 - How do we prevent broadly used packages from bit-rotting?

#11 - do we need to call out sandboxing in these policy docs?

#10 - handling updating old, stale-API packages with sec issues

#9 - what about undefined --ignore-scripts behavior?

#8 - propose specific actions around vulnerabilities in policy

#7 - Add goals section

#6 - Missing goals

#5 - Add 'to ensure that' to clarify statement

#4 - Reduce save options

#3 - Policy selection move

#2 - Merge in threat models

#1 - Propose explicit `vendor` and `lint` relationship