logoalt Hacker News

skwee357yesterday at 11:51 AM2 repliesview on HN

I’m not a node/js apologist, but every time there is a vulnerability in NPM package, this opinion is voiced.

But in reality it has nothing to do with node/js. It’s just because it’s the most used ecosystem. So I really don’t understand the argument of not using node. Just be mindful of your dependencies and avoid updating every day.

Replies

Aperockyyesterday at 7:47 PM

It has everything to do with node/js. Because the community believes in tiny dependencies that must be updated as often as possible and the tooling reflects that belief.

shortrounddev2yesterday at 12:24 PM

it's interesting that staying up to date with your dependencies is considered a vulnerability in Node

show 2 replies