[bolognafairy]

This is an ironic statement, right? Because you’re mindlessly parroting a copy of a copy of what was once, probably, an intelligent and appropriately nuanced take? And because you’re attributing this to the “JS ecosystem” when supply chain attacks are common in many different ecosystems?

LLM-ass comment.

[elaus]

Worst of all: the article never explains what npm has to do with it. Vscode extensions are not installed via npm, so at least part of the malware depends on the Vscode extension store.