by paulddraper
2396 days ago
> If I find something messed up in a postgres release, and report it to postgres, they will take responsibility for that and manage the rest of it.
> None of this is true for NPM.

Not as it pertains to bugs, but as it pertains to malicious code (the grandparent's actual question), npm accepts and acts on reports. In fact, their CLI even reports security vulnerabilities in your packages, a feature lacking in almost every other package manager.

If all code were in one source code repo that all authors contributed to... is that really so big a difference as splitting out the areas of responsibility? What are the chances that Tom Lane looks at every single line of every single patch?