I built a web app with a Node/GraphQL backend, hosted front and backend publicly on GitHub, deployed it to Cloud Run, bought a domain, the whole nine yards. I originally did this for a nice portfolio piece to show off, but over the last year or so I’ve actually started getting legitimate traffic to it. I have real user data in the database, and am actually making some money via PayPal. I have never committed secrets to the repo, injecting everything via environment, and I can’t think of any particular reason there would be a security concern from having the code public, but I’m no security expert and I’m starting to wonder if I should stop considering this a portfolio site and make the repo private. Would I be insane to keep it open source? What exactly could go wrong if I do?
Submitted September 24, 2020 at 06:08AM by rca06d