Conversation

Hugo Jonker

@hugojonker

·

Mar 19

Another NPM security issue via included packages (wiper). Would it at all help to consolidate packages into a few large helpers? Or for Node to be more "batteries included" like python?

arstechnica.com

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus

When code with millions of downloads nukes user files, bad things can happen.

1

Antoine Vastel

@xopek59

Replying to

@hugojonker

It's becoming more and more common. I agree it would help if Node included more things natively. I feel like the situation is getting better, e.g. node-fetch is becoming native (https://blog.logrocket.com/fetch-api-node-js/…). But it will take time to reach the state of the current Python ecosystem

blog.logrocket.com

The Fetch API is finally coming to Node.js - LogRocket Blog

It's been a long time coming, but the Fetch API is now available in Node.js core. Learn why it took so long and why it's such a big deal.

1:50 PM · Mar 19, 2022·Twitter Web App

1

Like