nodemailer/nodemailer is an open source project licensed under GNU General Public License v3.0 or later which is an OSI approved license.
Similar projects and alternatives to Nodemailer
📦🔐 A lightweight private proxy registry built in Node.js
Kernel source tree for Raspberry Pi Foundation-provided kernel builds. Issues unrelated to the linux kernel should be posted on the community forum at https://www.raspberrypi.org/forum (by raspberrypi)
The Python package installer
Nix Packages collection
Pony is an open-source, actor-model, capabilities-secure, high performance programming language
Library packaging and distribution for Ruby.
A Ruby library for testing your library against different versions of dependencies.
Feedback and bug reports for the Docker Hub
Saves you from package injection!
How did Elliot program a program that will send files to police if he did not check something every day?
reddit.com/r/MrRobot | 2021-03-18
Then he probably has some sort of mailing script (via Nodemailer or PHP Mail) that uses SMTP
reddit.com/r/webdev | 2021-03-08
Researcher hacks over 35 tech firms in novel supply chain attack
news.ycombinator.com | 2021-02-10
> Such 'nagging donation requests' were banned by npm pretty much days after they first appeared, IIRC,
What does "banned by npm" mean? Here's an example from the source of the latest version of nodemailer (with 1.4M weekly downloads) sleeping for 4,100 ms on every install so that it can show a "Sponsor us to remove this lag" message: https://github.com/nodemailer/nodemailer/blob/a455716a22d22f...
> and npm itself is literally a tool for installing code to execute later, so there's no security issue here. If someone wanted to embed malware into a package, they wouldn't need postinstall scripts for it.
It's fine to have a standard mechanism for postinstall steps. It should be opt-in by the end user rather than opt-out. That way people know that they're running additional code and ideally selectively pick which packages are allowed to do so. The vast majority of packages do not need it anyway as they do not have C++ bindings or need to generate data.
The defaults for NPM are such that you have to know quite a bit of how NPM works to download a package and inspect the contents without executing random code.
> This is really a complete nothingburger.
It's defense in depth. With the default being to execute remote code, a single typo could be installing a package that immediately runs malware.