Most people don't have the time or ability to thoroughly review all of their (nested!) dependencies. Ideally it could be outsourced; I would love a service where you could see that N auditors had signed off on package X @ commit Y.
Indeed, there should be a market for public code audits. Code complexity with extraneous dependencies and the use of large untrusted ecosystems should also be understood as bad hygiene.