|
|
|
|
|
|
by imtringued
1 day ago
|
|
|
This is kind of like arguing that immutable by default variables are pointless. If you force every user to just write "mut", guess what will happen? They will write "mut" when they need mutable variables, which in practice turns out to be the minority of variables. It's the same with "Option". The vast majority of variables or struct members do not need to be nullable at all. |
|
|
This is the wrong analogy.
The equivalent analogy would be using a compiler flag that is triggered for all dependencies and all included libraries without a per-library or per-file changeability. Something like "gcc --force-mut-all-yolo".
Variables have scopes of concern. This new NPM feature has no scope. And that's what my critique is about, because it makes it still unpredictable if any of your dependencies of dependencies needs a script.
The spread vector of potential malware stays identical, because the reason the miasma worm is spreading so fast is because of dependencies of dependencies that are impossible to audit on a case-by-case basis, given the lack of sandboxes and the lack of allowlisting scripts on a per-dep-and-version basis.