As I work through implementing Domain (https://codeberg.org/domain/app) in Kitten (https://codeberg.org/kitten/app), I’m evolving what an “application” will mean on the Small Web:
@aral
Hm, so git is part of the app.
Since it needs to be available on the Internet, doesn't that create a security risk?
Imagine secrets that got accidentally committed.
With that decentralised nature, what would an upgrade path look like?
What if it requires migrations of any kind?
@RyunoKi Yeah, folks should not commit secrets to git. This applies equally to every publicly-accessible Git repository ever (which, at last count, I believe was several hundred million) ;)
Upgrades are git pulls with npm install being run automatically as necessary if Node modules are used. Migrations are the responsibility of the apps themselves. Kitten apps can run them for the in-process JSDB database (https://codeberg.org/small-tech/jsdb) at startup from the main.script (entrypoint).
@aral
Agree.
Any specific reason why npm (vs yarn or pnpm for example)?
Or just to start somewhere?
@RyunoKi Just to start somewhere (and it’s what I use. Tried both of the others but I’m also trying to go with plain vanilla as much as possible across the stack) :)
@aral
Alright.
I remember there was an alternative package manager that used a decentralised repository (P2P even) but I can't recall its name.
@RyunoKi Ah, if you do, do let me know. Might be interesting to look into :)
@aral
Sure.
I wouldn't hold my breath for it, though.