[efortis]

Show them this Ken Thompson paper of 1984: "Reflections on Trusting Trust"

https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...

And then hardware compromises…

I don't mean install anything. I mean, it's not a problem particular to the JS ecosystem.

[lrvick]

I full source bootstrapped a Linux distro from hex0 all the way to nodejs binaries just to deal with trusting trust risks.

"just give up" is not a valid strategy.

https://codeberg.org/stagex/stagex

[efortis]

where can I follow you? blog, x?

[lrvick]

https://lance.dev has my mastodon etc. My friends and I also run the #! community, https://hashbang.sh #!:matrix.org