• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 178
  • Last Modified:

How do I tell if code in a GitHub library is safe?

While looking for a way to tell if 2 fields match for password verification, I found this Bootstrap framework on Github.

https://github.com/1000hz/bootstrap-validator

It's working well when I link to it, except that it runs slow.  I'd like to copy the source code to my webhost, and run it from there, but how do I tell if it's safe?  I don't want to compromise my server.

If anyone is using a bootstrap framework for password matches, that they know is safe, that might help, too.

Thanks,

Steve
0
stkoontz
Asked:
stkoontz
1 Solution
 
Dillyn BarberCIOCommented:
Best way is to analyze the code yourself and look for any back doors. Also check how many stars it has, how active it is, what issues are reported, etc. The best thing about github is you and millions of other people can view the entire source code to see what it's all about. In my opinion this looks safe, especially since it's only JS and from what I tell it only does what it says it does, I don't see any XSS attempts. If it seems slow it might be the CDN, or your connection to the CDN.
0
 
stkoontzAuthor Commented:
Thanks for the help!

Steve
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now