PSA that the dependency management supply chain attack that all the fuddy duddies were suggesting JS ecosystem was going to inevitably hit has, indeed, been hit, for maybe not the first and probably not the last time. It would be a good day to know what your transitive deps are.
(It occurs to me that this tweet may need the elaboration “fuddy duddy is an (archaic?) US colloquialism for an older person who is distinctly uncool.”)
Replying to @patio11
Is this less likely in Ruby/Bundler land since it's encouraged to lock it to a specific ver? Or is it, on balance, pretty much just as likely?
Replying to @MattRogish
Kind of feel like I have multiple responses to this question: 1) I don't feel like doing the comparative necessarily maximizes for the future success of the industry, and I feel all people of good will are on the blue team with respect to security. 2) Wouldn't say Ruby is secure
3) To the limited extent that one is capable of making dispassionate statements of engineering facts and using e.g. numbers to compare things, it is my generalized impression that standard practices in the Ruby community are at margin more secure than in the JS community.
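The thread's two practical points, knowing your transitive dependencies and pinning versions, in a short added example (not from any of the participants above): it walks an npm v1 `package-lock.json` to list every package the app pulls in that nobody listed in `package.json`, and flags wildcard ranges that a lockfile-less install would resolve to whatever is newest. Package names and versions are constructed, and the lockfile is assumed to be fully hoisted (no nested `dependencies` entries).

```javascript
// Added example: enumerate transitive dependencies from an npm v1 lockfile.
// All package names and versions below are constructed for illustration.
const packageJson = {
  dependencies: { "app-logger": "^1.2.0", "web-framework": "~2.0.0" },
};
const packageLock = {
  name: "demo-app", lockfileVersion: 1,
  dependencies: {
    "app-logger":    { version: "1.2.3", requires: { "color-utils": "^0.4.0" } },
    "color-utils":   { version: "0.4.1", requires: { "tiny-helper": "*" } },
    "tiny-helper":   { version: "0.0.9" },
    "web-framework": { version: "2.0.5", requires: { "tiny-helper": "*", "http-parser": "^3.1.0" } },
    "http-parser":   { version: "3.1.4" },
  },
};

// Returns { name: { version, depth, via } } for every package reachable from the
// app's direct dependencies. depth 1 = direct, >1 = transitive; via = the direct
// dependency through which it was first reached (BFS, so the shortest path wins).
function resolveTree(pkg, lock) {
  const locked = lock.dependencies || {};
  const seen = {};
  const queue = Object.keys(pkg.dependencies || {}).map((n) => [n, 1, n]);
  while (queue.length) {
    const [name, depth, via] = queue.shift();
    if (seen[name]) continue;
    const entry = locked[name];
    if (!entry) { seen[name] = { version: null, depth, via, missing: true }; continue; }
    seen[name] = { version: entry.version, depth, via };
    for (const child of Object.keys(entry.requires || {})) queue.push([child, depth + 1, via]);
  }
  return seen;
}

// Packages that appear in no package.json: a hijacked upstream release can add
// or swap these without any visible diff in your own repository.
function transitiveOnly(tree) {
  return Object.keys(tree).filter((n) => tree[n].depth > 1).sort();
}

// Wildcard requirements: without a committed lockfile, `npm install` would accept
// any future release of these, including one pushed by a compromised maintainer.
function wildcardRequires(lock) {
  const out = [];
  for (const [name, entry] of Object.entries(lock.dependencies || {})) {
    for (const [child, range] of Object.entries(entry.requires || {})) {
      if (range === "*" || range === "latest") out.push(`${name} -> ${child} (${range})`);
    }
  }
  return out.sort();
}

const tree = resolveTree(packageJson, packageLock);
console.log("transitive-only:", transitiveOnly(tree));
console.log("wildcard requires:", wildcardRequires(packageLock));
```

Run the same walk against a real lockfile by replacing the two constructed objects with `JSON.parse(fs.readFileSync(...))`; the `via` field tells you which direct dependency to question when a transitive one looks wrong.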