by aDyslecticCrow
370 days ago
https://en.m.wikipedia.org/wiki/Log4j
https://en.m.wikipedia.org/wiki/Npm_left-pad_incident

Languages and domains that have leaned too far into package managers and small libraries are prone to fragility and security nightmares. For any "serious" application of critical code, every library used needs to be vetted and verified to be maintained and secure. I'd much rather deal with a bug in our code than a deprecated library or a breaking version update. If we are to use a library outside of standard Unix or stdlib within my field, better expect a nightmarish code review and a meeting. Besides being fun, implementing it ourselves improves our skill level for the future. Something vibe coding itself goes against as well.

A project only becomes serious once legal is breathing down engineering's neck. Before that, it's usually the Wild West. After, it becomes a security circus trying to patch the technology deficiency (custom registries, complex linting and other analysis tooling, ...)