Someone said on reddit that "pulumi is a node app that requires the npm ecosystem", and for him there is a security concern to work with Node/npm in its organization. From my understanding pulumi is written in go, so is a go application not a node app and npm is not required if you don't use npm runtime. Am I wrong and not understanding things correctly?
05/04/2022, 7:40 AM
05/04/2022, 7:54 AM
I think the person was talking about pulumi cli itself. not the infrastructure program.
05/04/2022, 7:55 AM
You are understanding it correctly. The Pulumi CLI is indeed Go, as are the multitude of the Pulumi providers, which are separate binaries and processes.