My biggest concern with this NPM vulnerability is that we’re all going to develop a phobia of dependencies and go back to copying and pasting code for “security” reasons.
Jokes are hard :) I think the lesson here is that package managers do need better systems for verifying releases and having a traceable means back to their source code. I was being facetious about the blockchain, but there is a real need for something similar.