Protecting your user's data (a follow up)

The companion piece to the horror story I posted about NPM packages being used as a vehicle to steal your user’s passwords and credit card numbers has dropped.

In it the author lays out a variety of techniques for protecting yourself and your users via changes to your website (the main one being, isolate the code you use for login or credit card submission from all other code):

How to stop me harvesting credit card numbers and passwords from your site

NPM Publishes State of JS Frameworks 2017 Part 1

Keep in mind that you’re looking at everything in NPM’s The State of JavaScript Frameworks, 2017 through the lens of their package ecosystem. So that tends to make this look at front-end frameworks ignore AngularJS and Web Components, because neither used NPM packages (thought that’s likely to change for Polymer and Web Components in the future).

But with that said, it does have interesting things to say about both React and Angular (not AngularJS) though.