
cromkay · yesterday at 11:55 PM · 2 replies

That package wasn't any more random than any other NodeJS package. NPM isn't inherently different from, say, Debian repositories, except the latter have oversight and stewardship and scrutiny.

That's what's needed and I am seriously surprised NPM is trusted like it is. And I am seriously surprised developers aren't afraid of being sued for shipping malware to people.


Replies

bigfatkitten · today at 12:13 AM

> NPM isn't inherently different from, say, Debian repositories, except the latter have oversight and stewardship and scrutiny.

Which, when compared to NPM, which has no meaningful controls of any sort, is an enormous difference.

throw-12-16 · today at 6:00 AM

"NPM isn't inherently different from, say, Debian repositories, except the latter have oversight and stewardship and scrutiny"

Yeah, that's the entire point.