by wswope
493 days ago
The lack of a batteries-included stdlib makes the JS ecosystem exceptionally vulnerable. PyPI is vulnerable to the same class of problems, but it’s an order of magnitude harder to execute a wide-reaching supply chain attack compared to NPM, since the dependency trees are far shorter on average.
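As an added example (not from the thread), one way to put a number on the dependency-depth argument above: parse an npm lockfile (v2/v3 `packages` map) and report, per direct dependency, how many distinct installed packages sit behind it, i.e. how many upstream compromises would reach the project through that one line in package.json. The lockfile below is constructed for illustration.

```python
import json
# Constructed lockfile fragment for illustration, not a real project. Keys follow
# npm's node_modules nesting: a nested copy shadows a hoisted one when resolving.
LOCKFILE = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"dependencies": {"left-pad": "1.0.0", "tiny-cli": "2.0.0"}},
    "node_modules/left-pad": {"version": "1.0.0"},
    "node_modules/tiny-cli": {"version": "2.0.0",
      "dependencies": {"minimist": "1.2.0", "chalk": "4.0.0"}},
    "node_modules/minimist": {"version": "1.2.0"},
    "node_modules/chalk": {"version": "4.0.0",
      "dependencies": {"ansi-styles": "4.0.0", "minimist": "0.0.8"}},
    "node_modules/chalk/node_modules/minimist": {"version": "0.0.8"},
    "node_modules/ansi-styles": {"version": "4.0.0"}
  }
}""")

def resolve(packages, from_path, name):
    """Return the lockfile key npm uses for `name` when required from `from_path`."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            raise KeyError(f"{name!r} unresolved from {from_path!r}")
        # Walk up one nesting level: a/node_modules/b -> a, node_modules/a -> root.
        base = base.rsplit("/node_modules/", 1)[0] if "/node_modules/" in base else ""

def reach(packages, path, seen=None):
    """All lockfile keys transitively reachable from `path` (excluding `path`)."""
    seen = set() if seen is None else seen
    for dep in packages[path].get("dependencies", {}):
        key = resolve(packages, path, dep)
        if key not in seen:
            seen.add(key)
            reach(packages, key, seen)
    return seen

def blast_radius(lock):
    """Per direct dependency: distinct installed packages behind it (itself included)."""
    pkgs = lock["packages"]
    return {name: len(reach(pkgs, resolve(pkgs, "", name))) + 1
            for name in pkgs[""].get("dependencies", {})}

if __name__ == "__main__":
    for name, n in sorted(blast_radius(LOCKFILE).items(), key=lambda kv: -kv[1]):
        print(f"{name}: {n} package(s) in its subtree")
```

Run against a real `package-lock.json` with `json.load(open(path))` in place of the constructed one; the two copies of `minimist` in the sample show why the count is over resolved lockfile keys, not package names.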
Just mentioning these because they are trendy.
Regarding the general issue, it can happen in any language with package management.
It’s not reasonable to just yell "js sucks" because I’ve seen it in a bunch of places by now.