
The Buffer security issues that Mathias Buus and I uncovered led to the deprecation of `new Buffer()` in Node.js and the creation of the `Buffer.from()` and `Buffer.alloc()` APIs. There is an explanation here: https://github.com/feross/safe-buffer#why-is-buffer-unsafe

I created `safe-buffer` as a demonstration of how the API could be fixed to be safe. Then, the ecosystem adopted `safe-buffer` as a polyfill to get that safety even before `Buffer.from()` and `Buffer.alloc()` were included in Node.js. And to this day it continues to be used to provide safety in older versions of Node.js which lack the newer APIs.


