You’re looking at this correctly. This is a big issue with all package managers; Node and others suffer from the same kinds of issues. GitHub has Dependabot that will routinely scan for vulnerable packages, and you can do similar things on your own to try and mitigate the risk. There was a suggestion about using something like Symphony where it doesn’t draw from as many dependencies. This seems like good advice, but it might be going too far as I work with projects with much higher package counts and they are considered secure.
2024
The Funnel Podcast: How You Can Become Enterprise Ready
A discussion with Doug and Sarah on what it takes to become enterprise-ready in the world of e-commerce and digital transformation.
Conceptually it’s the same thing - there was even an Admin interface for installing extensions at one point. Packages can be installed either via composer or through a “manual installation” which is just like extracting a zip in the right directory. The considerations are similar to WordPress too, which is to say that if you install an extension but modified the themes then it’s possible the extension won’t present correctly and will need to be fixed.
The Next Wave: Understanding Generative Commerce and the Future of Brands
Curious how this new AI era will impact the way brands connect with their audiences? Check out my latest blog post, where I break down what Generative Commerce is and how it’s set to transform the future of commerce and retail.
The Magento-focused hosting providers are worth their weight in gold if you don’t have real server experience. Magento can be hosted on any cloud, but as others have said there’s a lot of esoterics and if you don’t know them well you’ll surely regret it.
www.reddit.com/r/Magento…