by jinseokim
1622 days ago
The whole npm ecosystem is so fragile. Remember event-stream[1]? Did we learn something from that? Yes, we might have. So was it improved? Never. People are still installing the 'new' colors package and wondering why its text is broken. What if he had uploaded malicious code rather than just gibberish? What if he had uploaded it only on npm and not on GitHub? Would we even notice that?

[1]: https://github.com/dominictarr/event-stream/issues/116