by pushfoo 717 days ago
TL;DR: Yes in JS & often elsewhere, so read The Grug-Brained Developer[1] to laugh about it

Nearly 10 years ago, we had the left-pad incident[2]. As I post this, people are in a panic over a similar issue. This time it's called the polyfill incident. The details are different, but they don't really matter.

The root cause is the same:

1. People saw nice code

2. They didn't make backups of the nice code

3. Instead, they trusted someone else to keep serving it

This time, the trusted party served malware instead of deleting everything. Innovation!

A more serious (but still oversimplified) take: static linking and/or vendoring can mitigate this for a price:

* Vendoring is copying other people's source into your repo

* Static linking is the compiler doing the same thing with binary code

It's a trade-off:

* Pros: durability and longevity since everything's in one .exe / folder / zip

* Cons: lose flexibility and gain software license complications with the LGPL, etc.

It also isn't as trendy as "what you need to know" articles.

For educational yet actually funny takes, I suggest reading these:

* The Grug-Brained Developer[1], a light-hearted take about complexity being bad

* The famous ML / AI XKCD[3] about stirring big piles of numbers. What's changed since then?

  * The size of the number pile

  * How fast we (our GPUs) can stir it

  * The amount of investor money having the tallest pile can earn

  * NVidia's stock price

[1]: https://grugbrain.dev/

[2]: https://arstechnica.com/information-technology/2016/03/rage-...

[3]: https://xkcd.com/1838/