Koa is relatively outdated at this point. Fastify is generally what I and most people I know look towards when starting something "new". Express is still in a lot of things, though.
Who said this is a small open-source repo? Node.js has one of the most active OSS communities on the web, with many contributors and developers looking at the code, consuming and working on security and fixing bug reports daily.
Also, a single company provides limitations - you've got blinders on, and your project isn't open for those with a different perspective to come in and take a look and notice something. I honestly think that fresh, open, and global perspective is truly key the success of OSS.
IIRC the GitHub Open Source Survey noted that the people surveyed were more likely to trust OSS software in terms of security because of the transparency with vulnerabilities and the community surrounding it.
This article mentions increased use of OSS libs as a rising source of XSS. I'm really not sure what's worse - OSS that can be fixed and audited easily or proprietary software that's closed and lacking visibility.
I unsubscribed from the highly annoying BestBuy marketing emails and got a notice I'd be removed in 10 days. I looked into CAN-SPAM, and that's the maximum allowance of time to comply with a removal request. Never going to shop at a BestBuy again.
That's different... That's just the standard UX of their mobile autocomplete. It's the same on iOS (I type "f" and it autofills a URL - next letter I type is appended to the end of that URL, slash and all).
This is a problem with how it's interpretations the encoding of characters - they should be escaped by default and be able to be enabled with a flag if there's a valid use for them.
Facebook is different than MySpace. Entire families, including grandparents, weren't on MySpace. Facebook has gotten very close to achieving their goal of "Becoming the Internet" for many 40 .
You'd probably have to look into whether TLDs count toward copyright, e.g. if company ABCXYZ (TM) could claim against abc.xyz.
The reallllly important thing is that you're not calling your chat app TinyChat, but Tiny. If you are calling it TinyChat and started after they opened, you'love need to reassess. If you're calling it Tiny, then you're better off.
Not a lawyer, just what I've experienced the laws around this to be.
100% agree with you. I don't agree with the comment you replied to, but it's _not_ a good sign that they stole another project's logo. https://tent.io/
If it were opt-in, I would absolutely opt-into it. I want the companies who make products I use/consume to succeed - that's why I never install ad-block. I watch tons of shows on YouTube and niche video sites, and I know the ads are what help these companies stay alive.
While I know installing ad-block is still opt-out (not -in), it's still a choice of a click that I'm making. I want to support you, but I don't want the choice of privacy made for me.