logoalt Hacker News

insanitybityesterday at 10:03 PM3 repliesview on HN

What a state of things where we have to fear installing software, and rely on vendors to scan things ahead of time, because our supply chain is such a mess and our tooling is so incapable of (and uninterested in) protecting us.


Replies

Insimwytimyesterday at 10:13 PM

You cannot call it a supply chain, if you have zero contractual relationships with the authors of the solutions you are using.

[1] https://news.ycombinator.com/item?id=44434355

show 3 replies
madeofpalkyesterday at 10:26 PM

What would a solution to this look like?

What would it take to not fear installing software? This isn't a npm problem, its a computing problem in general. Spaces like this are generally pretty against any sort of restrictions or limitations being put on computers under the name of safety (see Manifest v3)

show 3 replies
sunaookamiyesterday at 10:10 PM

No way to prevent this says only package manager where this regularly happens.

show 1 reply