cm0002@europe.pub to Linux@programming.dev · 2 days agoThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comexternal-linkmessage-square41fedilinkarrow-up1178arrow-down15cross-posted to: [email protected]
arrow-up1173arrow-down1external-linkThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comcm0002@europe.pub to Linux@programming.dev · 2 days agomessage-square41fedilinkcross-posted to: [email protected]
minus-squareMihies@programming.devcakelinkfedilinkarrow-up13·2 days agoGood luck with checking all dependencies as a developer, bonus points for JavaScript. You’ve just become a 98% less effective. But seriously, how would you check everything? And if you stumble upon malicious code, would you even recognize it?
minus-squaredevfuuu@lemmy.worldlinkfedilinkarrow-up6arrow-down3·2 days agoNobody sane should be installing js code in their systems. Nor having node or even npm installed.
minus-squareHaraldvonBlauzahn@feddit.orglinkfedilinkarrow-up4arrow-down2·2 days ago Good luck with checking all dependencies as a developer, bonus points for JavaScript. Yes I know well that JavaScript development practices are unsustainable. And at some point, chickens will come home to roost. For my part, I focus on minimalist, well defined systems, both as a user and developer. And trust where it is reasonable - not by default.
minus-squareVictor@lemmy.worldlinkfedilinkarrow-up2·2 days agoExactly, I wouldn’t know what I was looking at probably. We don’t really learn malicious programming at uni.
Good luck with checking all dependencies as a developer, bonus points for JavaScript. You’ve just become a 98% less effective. But seriously, how would you check everything? And if you stumble upon malicious code, would you even recognize it?
Nobody sane should be installing js code in their systems. Nor having node or even npm installed.
Yes I know well that JavaScript development practices are unsustainable.
And at some point, chickens will come home to roost.
For my part, I focus on minimalist, well defined systems, both as a user and developer. And trust where it is reasonable - not by default.
Exactly, I wouldn’t know what I was looking at probably. We don’t really learn malicious programming at uni.