Echo JS 0.11.0


xat 1185 days ago. link 1 point
Thanks for this library!

One suggestion: Maybe you could state in the README that this library is more like an additional layer of protection. Because some developers may think that they don't need to do any additional checking of the input. But of course, even with this library installed, you shouldn't do stuff like `SELECT * FROM foo WHERE bar=${req.query.baz}`.
amitport 1185 days ago. link 1 point
Nice, but the rules are somewhat minimal IMHO. It would be nice to mention that in the readme.
amitport 1185 days ago. link 1 point
There are ISec companies that maintain these kinds of lists as part of their main business. They test against penetration tools and review against all CVEs. I worked in such a company, but unfortunately, I don't remember specific patterns and couldn't disclose any if I did.

I know I'm not being extremely useful. In any case, I think it is important to clearly state that companies with critical security requirements should probably not rely solely on this.