by lxe 1814 days ago
I agree with the author. Just like them, I only write code without any bugs that can be affected by the "vulnerabilities". I also never commit to upstream so others won't be able to edit my code. All my projects only run on my machine (which is of course also absolutely exploit-free and it's not connected to the internet).
1 comment

You're being snarky, which is fine, but the author addresses that. If you're compromised, the attacker is not going to dig through your development folder to inject a regex that makes your build slow. They'll exploit privilege escalation bugs to install a bitcoin miner, ransomware, a DDoS bot node, or use some other vulnerability to grab and/or exploit your secrets. They'll do it the most direct way possible, not via some half-broken regex parser.