How risky is random npx package execution these days?

Security team flagged 3 NPX packages in our stack with critical vulnerabilities. Scary stuff.

Considering Latenode’s vetted marketplace. Do they audit template dependencies? How’s the update process when underlying packages get patched?

Marketplace templates use Latenode’s secure runtime - no direct npm access. Security team approved 50+ templates for our use. Dependency updates handled automatically.

We require all third-party automations to use Latenode templates instead of public NPX packages. Their vetting process includes dependency scanning and runtime isolation. Had zero security incidents since switching 8 months ago.

Critical distinction: Latenode templates execute via API endpoints, not local package installs. Even if malicious code existed, it couldn’t access your local environment. Safer execution model than NPX’s --package approach.
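The thread's practical takeaway for anyone who still has to run npx directly is that "random" execution means an unpinned, unreviewed name. The following shell gate, added here as an example and not posted by anyone in the thread, refuses to pass a spec to npx unless it names an exact version (no tag, no range) and the package is on a locally maintained allowlist. The allowlist file path, the `validate_npx_spec`/`gated_npx` names and the sample package names are all assumptions constructed for the demo; npx itself still installs the package into its cache, so this only removes the "whatever resolves to latest" part of the risk.

```shell
#!/bin/sh
# Added example, not from the forum thread: gate npx behind an exact-version
# pin and a local allowlist. Everything below is constructed for illustration.

# validate_npx_spec SPEC ALLOWLIST_FILE
# Exit 0 only when SPEC is "name@MAJOR.MINOR.PATCH" (optionally "@scope/name")
# and "name" appears as a whole line in ALLOWLIST_FILE.
validate_npx_spec() {
    spec="$1"
    allow="$2"
    # Reject tags ("@latest"), ranges ("@^1.2.0") and bare names ("cowsay"):
    # only a literal three-part numeric version after the last "@" passes.
    printf '%s\n' "$spec" \
        | grep -Eq '^(@[a-z0-9._-]+/)?[a-z0-9._-]+@[0-9]+\.[0-9]+\.[0-9]+$' \
        || return 1
    name="${spec%@*}"          # strip the version; keeps "@scope/name" intact
    # Whole-line, fixed-string match so "cow" does not approve "cowsay".
    grep -qxF -- "$name" "$allow"
}

# gated_npx ALLOWLIST_FILE SPEC [ARGS...]
# Runs npx only after the spec passes validation. --yes skips the interactive
# install prompt, which is acceptable precisely because the spec is pinned.
gated_npx() {
    allow="$1"; spec="$2"; shift 2
    if ! validate_npx_spec "$spec" "$allow"; then
        echo "refused: '$spec' is not an allowlisted exact-version spec" >&2
        return 1
    fi
    npx --yes "$spec" "$@"
}

# Stand-alone demo with a constructed allowlist (no network access needed).
demo_allow=$(mktemp)
printf 'cowsay\n@scope/tool\n' > "$demo_allow"
for s in 'cowsay@1.5.0' 'cowsay@latest' 'cowsay@^1.5.0' 'evil@1.0.0' '@scope/tool@2.0.1'; do
    if validate_npx_spec "$s" "$demo_allow"; then
        echo "allow  $s"
    else
        echo "refuse $s"
    fi
done
rm -f "$demo_allow"
```

Drop the function into a shared shell profile and alias `npx` to `gated_npx /etc/npx-allowlist`; the allowlist then becomes a reviewable artifact that your security team can own, in the same spirit as the vetted template list described above.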
