|
|
|
|
|
|
by JMTQp8lwXL
2491 days ago
|
|
|
> In case it's not clear to other readers: `funding` had no tracking, no data collection, and no code from untrusted third parties. It was a `console.log` with some fancy formatting. It starts as that, but is the community right to question where it might ends? Today is plain ASCII -- tomorrow is HTTP requests to ad companies in postinstall. Even if wasn't in 'funding', it could happen somewhere else. Somebody (not you) quietly adds a new NPM dependency to a popular project, and in that new module, the advertiser now has analytics on that package's usage, in addition to the console real estate space. |
|
|