>Open source, as it has grown, is broken and the larger it grows the more likely that catastrophic events will occur. Given the potential for damage with this exploit, the fact that it was so limited is a blessing. It’s also not limited to node.js or npm, there is just as much misplaced trust in sister ecosystems like Python’s pypi and Ruby’s gems and with Github as a service itself. Anyone can publish to these and control can change without any notice. Even without a change of control, there’s so much code that thoroughly vetting it all in the first place would grind any team to a halt. In order to meet timelines, developers install what they need to install and security teams and automated tools just aren’t able to adapt to the pace at which software changes.
Wrong. It's the users' fault for not auditing all 37,000,000 lines of code in the dependency tree before deploying it.
Mason Brooks
open sores and buttcoiners btfo
Joshua Ross
Why the hell do you think we don't want systemd? No one can audit that shit and now almost everything depends by default on some redhat shit.
Jaxson Gray
What you meant is that npm and the mentality and ecosystem it created was a mistake.
Nolan Myers
Equivocation. NPM was a mistake, not open source.
Jace Collins
>consume
>consume
>consume
what the fuck has been consumed?
Dominic Fisher
>Open source was a mistake.
Had this been closed sourced, it would never be made public and possibly, companies wouldn't bother fixing it because it would cost more money and resources. Fuck off with your FUD.
Jonathan Rodriguez
>boohoo someone made software for free and I used it but he doesn't want to maintain it anymore
Just fork it instead of being a faggot. They shouldn't update mindlessly
Jaxson Ortiz
>the broken javascript ecosystem broke again
>somehow this is the fault of open source
"news" shadow written by Steve Ballmer