by grandalf
4891 days ago
Even if 5% of the rubygems ecosystem contained malware, the biggest danger to most projects is the inclusion of gems that are sloppily maintained. Just because something is released as a gem does not mean it has good code quality or that good development practices were used to create it. The default behavior of bundler is to grab the latest compatible gem version, and in many cases this breaks things because of little or no QA on the part of some gem maintainers. The top 10% of gems are well maintained but the rest should generally be avoided.
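As an added illustration of the "latest compatible version" behavior the comment above refers to (this is example code, not the commenter's or Bundler's own): the snippet below uses Ruby's built-in `Gem::Requirement` and `Gem::Version` classes to show which version a resolver picks for a single gem under different Gemfile constraints. The gem name "acme-widget" and its list of published versions are constructed for the example; the point is that an open constraint such as `>= 0` silently pulls in a new major release, while a pessimistic constraint such as `~> 1.2.0` keeps upgrades within a patch series.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed version list for a hypothetical gem "acme-widget"
# (not a real gem); a prerelease is included to show it is skipped.
AVAILABLE_VERSIONS = %w[1.2.3 1.2.9 1.3.0 2.0.0 2.1.0.beta1]
  .map { |v| Gem::Version.new(v) }

# Return the version a resolver would choose for one gem with no other
# constraints in play: the highest published version that satisfies the
# requirement string. Prerelease versions are ignored unless the
# requirement itself names a prerelease, mirroring RubyGems' default.
# Returns nil when nothing satisfies the requirement.
def resolve(requirement_string, available = AVAILABLE_VERSIONS)
  req = Gem::Requirement.new(requirement_string)
  candidates = available.select { |v| req.satisfied_by?(v) }
  candidates = candidates.reject(&:prerelease?) unless req.prerelease?
  chosen = candidates.max # Gem::Version is Comparable
  chosen && chosen.to_s
end

# Show how far each constraint style lets an unattended `bundle update` drift.
def drift_report(available = AVAILABLE_VERSIONS)
  {
    "unconstrained (>= 0)"      => resolve(">= 0", available),
    "minor-series (~> 1.2)"     => resolve("~> 1.2", available),
    "patch-series (~> 1.2.0)"   => resolve("~> 1.2.0", available),
    "exact pin (= 1.2.3)"       => resolve("= 1.2.3", available),
  }
end

if __FILE__ == $PROGRAM_NAME
  drift_report.each { |label, version| puts "#{label.ljust(26)} -> #{version}" }
end
```

Committing `Gemfile.lock` freezes the exact versions a build was tested against; the constraints in the `Gemfile` decide how far a later `bundle update` may move them, which is where the QA gap the comment describes tends to surface.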