not_IO@lemmy.blahaj.zone to Programming Humor@lemmy.worldEnglish · 2 months agonpmlemmy.blahaj.zoneimagemessage-square15linkfedilinkarrow-up1161arrow-down19file-text
arrow-up1152arrow-down1imagenpmlemmy.blahaj.zonenot_IO@lemmy.blahaj.zone to Programming Humor@lemmy.worldEnglish · 2 months agomessage-square15linkfedilinkfile-text
minus-squaremogoh@lemmy.mllinkfedilinkEnglisharrow-up3·2 months agoDo other packe manager prevent this?
minus-squarekopasz7@sh.itjust.workslinkfedilinkEnglisharrow-up4·2 months agoThe problem isn’t the package manager. Many small dependency packages multuply the attack surface of the “supply chain”. (it isn’t even a supply chain when a dude opensources his code as-is then a company decides to build their whole business on it)
minus-squareAniki@feddit.orglinkfedilinkEnglisharrow-up4·2 months agoit has nothing to do with the package manager and everything with JS being a very widely used language mostly by rather inexperienced web devs.
Do other packe manager prevent this?
The problem isn’t the package manager. Many small dependency packages multuply the attack surface of the “supply chain”. (it isn’t even a supply chain when a dude opensources his code as-is then a company decides to build their whole business on it)
it has nothing to do with the package manager and everything with JS being a very widely used language mostly by rather inexperienced web devs.