Extend Security Best Practices for your Project #3465
+73
−3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
UlisesGascon
temporarily deployed
to
Pages Preview
GitHub Actions
Inactive
UlisesGascon
commented
Jul 9, 2025
Comment on lines
101
to
107
| <aside markdown="1" class="pquote"> | ||
| <img src="https://avatars.githubusercontent.com/ulisesgascon?s=180" class="pquote-avatar" alt="avatar"> | ||
| A vulnerability is basically a flaw, a security misconfiguration or a weak point in our system that can be exploited by third parties to behave in unintended ways. | ||
| <p markdown="1" class="pquote-credit"> | ||
| — [@UlisesGascon](https://github.com/ulisesgascon), ["What is a Vulnerability and What’s Not? Making Sense of Node.js and Express Threat Models"](https://gitnation.com/contents/what-is-a-vulnerability-and-whats-not-making-sense-of-nodejs-and-express-threat-models) | ||
| </p> | ||
| </aside> |
There was a problem hiding this comment.
I noticed some of the other pages include quotes for emphasis, so I added a short one from myself in this version for consistency. Totally happy to remove it if it doesn’t fit the tone or style 🫠
UlisesGascon
temporarily deployed
to
Pages Preview
GitHub Actions
Inactive
UlisesGascon
commented
Jul 9, 2025
|
|
||
| Using open source dependencies can speed up development, but each package includes a license that defines how it can be used, modified, or distributed. Some licenses are permissive, while others (like AGPL or SSPL) impose restrictions that may not be compatible with your project's goals or your users' needs. | ||
|
|
||
| Imagine this: You add a powerful library to your project, unaware that it uses a restrictive license. Later, a company wants to adopt your project but raises concerns about license compliance. The result? You lose adoption, need to refactor code, and your project’s reputation takes a hit. |
There was a problem hiding this comment.
@Jeffrey-Luszcz feel free to suggest a better example for the mixed-license scenario in the license section. You probably have a much stronger one than mine 🙏
UlisesGascon
temporarily deployed
to
Pages Preview
GitHub Actions
Inactive
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
cc: @KevinCrosby, @Jeffrey-Luszcz @DUBSOpenHub @jonchurch @blakeembrey @ljharb @RafaelGSS
Note: This PR will impact #3462 and #3461