not_IO@lemmy.blahaj.zone to Programming Humor@lemmy.world · 2 days ago
npm (image post)
mogoh@lemmy.ml · 2 days ago
Do other package managers prevent this?

Aniki@feddit.org · 22 hours ago
It has nothing to do with the package manager and everything to do with JS being a very widely used language, mostly by rather inexperienced web devs.

kopasz7@sh.itjust.works · 2 days ago
The problem isn’t the package manager. Many small dependency packages multiply the attack surface of the “supply chain”. (It isn’t even a supply chain when a dude open-sources his code as-is and then a company decides to build their whole business on it.)