logoalt Hacker News

bluejellybeanyesterday at 10:47 PM1 replyview on HN

I'm in a similar camp, I dislike how often third-party package updates get pushed out, especially given the lack of serious inspection.

The reality is that each update is its own potential security issue and with supply chain attacks being all too frequent, it's not a panacea.


Replies

cesarbyesterday at 10:59 PM

> The reality is that each update is its own potential security issue

Even beyond security issues: each update is a new opportunity for breakage, not only from bugs in the third-party package, but also from unexpected dependencies on the third-party package's behavior.