If only the company behind VSCode, the company behind NPM and the company behind GitHub could get together and figure out a solution to this.
It is also the company behind NuGet.
Guess what they did a year ago.
They removed 700 or so packages from NuGet proactively but those turned out to be false positives.
It is hard to do the right things.
Not trolling here, but these things are by design cesspools ready for compromise. Any fully open ecosystem where contributions are not strictly reviewed is open to this problem. If you don't like it, don't use editor extensions and use a well-audited editor.
If you want to use extensions or node packages or pypi packages without doing a detailed review you're accumulating technical debt. You're assuming a risk in order to ship rapidly. You can either pay that down at some point under control, or bear the interest when it comes due.
Perfectly demonstrating the truth of the "Microsoft org chart" cartoon.
https://bonkersworld.net/organizational-charts