Someone said on reddit that "pulumi is a node app that requires the npm ecosystem", and for him there is a security concern to work with Node/npm in its organization. From my understanding pulumi is written in go, so is a go application not a node app and npm is not required if you don't use npm runtime. Am I wrong and not understanding things correctly?
l
limited-rainbow-51650
05/04/2022, 7:40 AM
It is only a "node app" if you select Javascript/Typescript as the language of choice to write your infrastructure code.
m
millions-journalist-34868
05/04/2022, 7:54 AM
I think the person was talking about pulumi cli itself. not the infrastructure program.
l
limited-rainbow-51650
05/04/2022, 7:55 AM
You are understanding it correctly. The Pulumi CLI is indeed Go, as are the multitude of the Pulumi providers, which are separate binaries and processes.