Every programming language package manager is affected. Any random person can sign up and push packages. They are all equivalent to the Arch Linux User Repository and have the exact same caveats.
I last added a new dependency to a large project I work on a couple of years ago. So no, not all ecosystems are the same.
The culture makes a difference.