This past week I’ve decided to put a little more love into my
east5th:package-scan project. In an attempt to lower the barrier of entry for using the tool, I’ve given it a super-simple web interface. Check it out at scan.east5th.co!
The tool lets you select or drop in a Meteor
versions file, which will then be compared against the list of packages with known security issues. If any matches are found, it’ll display those vulnerable package alerts on the page.
I made a conscious decision to not send
versions files to the server to do the scanning. Instead, I pull the
alerts.json file into the browser, along with a browserfied version of semver, and run the scan directly in on the client. This way, the users’
versions files never leave their browser.
Exporting ES6 Classes From Meteor Packages – How do you export ES6 classes from Meteor packages? This articles dives into the topic.
Slimming Down Fat Models – While fat models are better than fat controllers, sometimes your models need to trim the fat as well. Event-based architectures may be the solution to your troubles.