santiare17
Copper Contributor
Sep 21, 2023

How to know if I can trust an SPFX webpart?

I am in the process of implementing an SPFx web part, but before that I need to make sure it is not a security threat.

From researching, I was not able to find if there is any way to run a check or provide a validation that the web part is safe for the organization, as it does ask for Graph API permissions. I do not think there are any issues with it, but I need to be able to have clearance.

This is the webpart: https://github.com/pnp/sp-dev-fx-webparts/tree/main/samples/react-accordion-dynamic-section

3 Replies

  • Do your own code reviews, but the sample web parts, from my understanding, have usually been gone through by the maintainers of the git.
    • santiare17
      Copper Contributor
      For someone who does not have full knowledge of code to understand what to look for, what do you recommend?
      • Recommended way: find a consultant with SPFx experience or a front-end dev.

        Least recommended: check the permission and see what it wants access to, and if that could contain sensitive data.
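
The permission check suggested in the last reply can be done without reading the web part's TypeScript: an SPFx solution declares the API permissions it asks for under `webApiPermissionRequests` in `config/package-solution.json`. The following is an added example, not part of the thread or of the sample's code; the sample JSON and the flagging rules are constructed assumptions.

```javascript
// Constructed sample of an SPFx config/package-solution.json (NOT the real file
// from the linked web part; load the one from the repository under review).
const samplePackageSolution = {
  solution: {
    name: "example-webpart-client-side-solution",
    webApiPermissionRequests: [
      { resource: "Microsoft Graph", scope: "User.ReadBasic.All" },
      { resource: "Microsoft Graph", scope: "Sites.ReadWrite.All" },
      { resource: "Microsoft Graph", scope: "Mail.Send" },
      { resource: "Microsoft Graph", scope: "Calendars.Read" }
    ]
  }
};

// Review heuristics (assumptions for this example, not a Microsoft rule set).
const WRITE_LIKE = /(Write|FullControl|Manage|Send)/i; // can change or send data
const BROAD_SCOPE = /\.All$/i; // not limited to the signed-in user's own data

// Return one finding per requested permission, with the reasons to look closer.
function reviewPermissionRequests(packageSolution) {
  const solution = (packageSolution && packageSolution.solution) || {};
  const requests = solution.webApiPermissionRequests;
  if (!Array.isArray(requests)) return []; // the solution requests no API permissions
  return requests.map((req) => {
    const resource = String(req.resource || "(missing resource)");
    const scope = String(req.scope || "(missing scope)");
    const reasons = [];
    if (WRITE_LIKE.test(scope)) reasons.push("can modify or send data");
    if (BROAD_SCOPE.test(scope)) reasons.push("not limited to the user's own data");
    return { resource, scope, reasons, needsReview: reasons.length > 0 };
  });
}

// Print a short report an approver can read before granting anything.
for (const f of reviewPermissionRequests(samplePackageSolution)) {
  const note = f.needsReview ? "REVIEW: " + f.reasons.join("; ") : "low impact";
  console.log(`${f.resource} / ${f.scope} -> ${note}`);
}
```

Approved requests are granted to the tenant's shared SharePoint client extensibility principal, so they become available to every SPFx solution in the tenant, not only the one that asked.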
