Yea macOS is never a guarantee but I’m always hopeful when they include Mac instructions in the readme.

I’ve found projects that use C++ or other older languages and meant for Linux still have a nightmare with building. The project I looked at had a bootstrap script, an initialization script, a pip installation, and 3+ different make-alternatives. Not uncommon even when apt works.

Docker is great but it’s only as secure as Linux can be. Yea it can have outdated SSL, but it’s just as likely that the thing you need depends on a particular version. Most projects don’t get versions updated unless it’s broke. IMO if something is a web service or generally at risk, you should not depend on the good-faith security being vended. Put it bend a secure network or proxy, Audit, etc. As the advice goes, don’t run your server on port 80 as sudo, but instead run behind NGINX.(modify for risk)

> The project I looked at had a bootstrap script, an initialization script, a pip installation, and 3+ different make-alternatives. Not uncommon even when apt works.

Seems like it was created by noobs. It happens. I guess it's not packaged in a distribution for a reason. A distro maintainer would tell them to fix that crap.

> but it’s just as likely that the thing you need depends on a particular version

No it's not likely. Openssl is a shared library that you can just replace with a version that has whatever fix. Unless you do rust/golang/docker/static linking… and the standard is to dynamically link.

Running vulnerable software is always a risk. You might think you secured it, but vulnerabilities can get chained.

Anyway I'm sure there are crappy softwares being written in any language. But the problem with js seems to be that even a state of the art one incurs such problems continuously because all dependencies are crappy.