Yes, and that’s the right lesson to learn from this debacle.
The two popular JS package managers both do this.
I guess my glass is half empty because I think people will forget about this incident by next week and happily keep pulling in their billion NPM dependencies like nothing happened :-)
If only you could bundle more than two functions at a time in an npm module... Most of my Python projects have a dozen deps at most. Node's idea of packaging up the dumbest thing as its own module is insanity.
I am reminded of work at my university's security lab, where they were researching combining parts of browsers from different versions on a per-user basis to create "genetic diversity" in exploits, minimizing the impact and usefulness of new attacks
That's why I'm advocating that we first publish all code to the blockchain to have irrefutable proof of its author, then sign the package with its address *eyes permanently roll back into head*
crypto implementations are next-level, copy-paste some code from a benchmarking website, to use it, just make your program look like the bench harness
There’s been times I haven’t bothered to show news articles like this to coworkers or managers because it’s just not worth the stress of their reactionary response and I worry that we might be forced to not use NPM so why bother risking it by showing them the news...