Most of these util libraries require basically no changes ever. The problem is the package maintainers getting hacked and malicious versions getting pushed out.
If you use an LLM to generate a function, it will never be updated.
So why not do the same thing with a dependency? Install it once and never update it (and therefore hacked and malicious versions can never arrive in your dependency tree).
You're a JS developer, right? That's the group who thinks a programmer's job includes constantly updating dependencies to the latest version constantly.
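As an added example (not code from any commenter in this thread): "install it once and never update it" only holds if the version specs in package.json are exact, so this check lists every direct dependency whose spec could resolve to a newer release on a fresh install. The manifest and package names are constructed sample data, and the classification rules are a simplified reading of npm's spec syntax.

```javascript
// Added example. The manifest below is constructed sample data.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// Classify one package.json version spec as exact, range, tag or non-registry.
function classifySpec(spec) {
  const s = spec.trim().replace(/^=?\s*v?/, ""); // "=1.2.3" and "v1.2.3" are exact
  if (EXACT.test(s)) return "exact";
  const alias = s.match(/^npm:.+@(.+)$/); // npm:other-name@<spec>
  if (alias) return classifySpec(alias[1]);
  if (/^(?:git\+|git:|https?:|file:|github:)/.test(s)) return "non-registry";
  if (/^[\w.-]+\/[\w.-]+(?:#.*)?$/.test(s)) return "non-registry"; // user/repo shorthand
  if (s === "" || /[\^~<>*|\s]/.test(s)) return "range";
  if (/(?:^|\.)[xX](?:\.|$)/.test(s) || /^\d+(?:\.\d+)?$/.test(s)) return "range";
  return "tag"; // dist-tags such as "latest" or "next"
}

// Return every direct dependency whose spec is not an exact version.
function findFloatingDeps(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(String(spec));
      if (kind !== "exact") findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed manifest: two pinned entries, five that can drift.
const sampleManifest = {
  name: "example-app",
  dependencies: {
    "util-pinned": "1.3.0",
    "util-caret": "^4.17.21",
    "util-tilde": "~5.3.0",
    "util-tag": "latest",
    "util-fork": "github:example-user/util-fork",
  },
  devDependencies: { "tool-wildcard": "8.x", "tool-pinned": "5.4.5" },
};

for (const f of findFloatingDeps(sampleManifest)) {
  console.log(`${f.section}: ${f.name}@${f.spec} (${f.kind})`);
}
```

Exact specs in package.json cover direct dependencies only; transitive versions are fixed by the lockfile, which `npm ci` installs from without re-resolving ranges.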