top | item 40803078


stiiv | 1 year ago

Justifiably! Supply-chain attacks have occurred via npm, and have been widely reported. A lack of oversight and lack of standard libraries are often cited as the cause.

I don't know if it's a problem for Rust (or other platforms like Python, .NET, or Java afaik).

As someone who primarily writes TypeScript to run in browsers and on node.js, this kind of threat requires an extra level of vigilance, and often nudges me toward writing my own things rather than importing them.
