When the left-pad debacle happened, I feared that people would conclude “dependencies are bad”. (Instead of the logical conclusion, which is “don’t allow dependencies to be deleted from package registries.”) That prediction turned out to be true. :(
-
Their security practices are better, but that’s dwarfed by *sheer volume* of code. Including all of win32k.
-
I'm just waiting for somebody to grab a whole bunch of code / data from some large tech company / game studio using a backdoor in some stupid vscode dependency.