>Open source

Yikes.

Great thread.

based chinks installing buttcoin miners and imploding the javashit community from the inside out

/thread

/thread

OOP and libraries following the terrible abstraction system caused this, if you make a library that has 4 functions you should consider killing yourself

Open source, closed development is the redpilled choice. Like SQLite

>automatically pulling binary updates without asking for them
>automatically pulling non-versioned binary updates

I seriously hope you don't do this.

So, Jow Forums how would you fix this fuck up outside of abandoning npm altogether?

Plenty of good libraries only have a single nontrivial function.
The real problem is JS programmers becoming so stupid they see odd numbers as nontrivial.

I used npm for one package and had over 1000 other packages installed as dependencies. I wasn't asked if I really wanted them, or shown a list of them before, or given the option to skip them; it just went and installed all of them since they were dependencies. Say what you want about open source in general, but npm is designed to make this sort of auditing nearly impossible.
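The two complaints above (non-versioned updates being pulled automatically, and one package dragging in a thousand others unseen) can be checked before running `npm install`. This is an added example, not code from anyone in the thread: it reads a constructed package.json and a simplified lockfile-v1 layout (the `dependencies` map with `version` and `requires` per entry), counts what each direct dependency transitively brings in, and flags every range in the tree that is not pinned to an exact version.

```python
import json
import re
# Constructed sample manifests (not from any real project): a package.json plus a
# simplified lockfile-v1 layout in which each entry lists the ranges it "requires".
PACKAGE_JSON = json.dumps({"name": "demo-app", "dependencies": {
    "left-pad": "^1.3.0", "is-odd": "~3.0.0", "pinned-lib": "1.0.0"}})
PACKAGE_LOCK = json.dumps({"name": "demo-app", "lockfileVersion": 1, "dependencies": {
    "left-pad":   {"version": "1.3.0", "requires": {"util-a": "^2.0.0"}},
    "util-a":     {"version": "2.1.0", "requires": {"util-b": "*", "util-c": ">=1.0.0"}},
    "util-b":     {"version": "0.9.0"},
    "util-c":     {"version": "1.2.0"},
    "is-odd":     {"version": "3.0.1", "requires": {"is-number": "^6.0.0"}},
    "is-number":  {"version": "6.0.0"},
    "pinned-lib": {"version": "1.0.0"}}})

EXACT = re.compile(r"\d+\.\d+\.\d+")  # only a bare x.y.z counts as pinned

def floating_ranges(package_json: str) -> dict:
    """Direct dependencies whose range accepts a newer publish on a fresh install."""
    deps = json.loads(package_json).get("dependencies", {})
    return {name: rng for name, rng in deps.items() if not EXACT.fullmatch(rng)}

def transitive_deps(package_lock: str, root: str) -> set:
    """Every package reachable from `root` along the lockfile's `requires` edges."""
    entries = json.loads(package_lock)["dependencies"]
    seen, stack = set(), [root]
    while stack:
        for dep in entries.get(stack.pop(), {}).get("requires", {}):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen

def floating_edges(package_lock: str) -> list:
    """(package, dependency, range) triples anywhere in the tree that are not pinned."""
    entries = json.loads(package_lock)["dependencies"]
    return sorted((pkg, dep, rng) for pkg, meta in entries.items()
                  for dep, rng in meta.get("requires", {}).items() if not EXACT.fullmatch(rng))

def audit(package_json: str, package_lock: str) -> dict:
    """What the manifest asked for versus what an install would actually bring in."""
    direct = json.loads(package_json).get("dependencies", {})
    per_dep = {name: len(transitive_deps(package_lock, name)) for name in direct}
    everything = set(direct).union(*(transitive_deps(package_lock, n) for n in direct))
    return {"direct": len(direct), "pulled_in": per_dep, "total_packages": len(everything),
            "floating_direct": floating_ranges(package_json),
            "floating_edges": floating_edges(package_lock)}

if __name__ == "__main__":
    print(json.dumps(audit(PACKAGE_JSON, PACKAGE_LOCK), indent=2))
```

With a committed lockfile and `npm ci`, the resolved versions in the lock hold; without one, every floating edge the report lists resolves to whatever is newest on the registry at install time.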

this is why i support closed source

closed source is not an antivirus

what the fuck happened?

do freetards actually believe this lmao?

based and redpilled

Someone gave away a popular project on some shitty javascript project distribution site. The guy then adds in a buttcoin stealer to the project and because of how npm works a bunch of retards automatically pulled the latest build and included it in their projects since javascript devs apparently can't into basic build tools.

npm is a burning landfill, but that's not all the fault of the tool. It would just be a normal dumpsterfire if javashit developers had any sense for software engineering. Instead, we have dependency hierarchies dozens of layers deep, and libraries that have one line of real code in them, which are then actually used in thousands of projects.
Their stdlib is fucking crowd sourced by people who only know JavaScript, have never had any formal education in software engineering, and have been working for months to a couple of years. And if you ask them, 7/10 will say it's a good thing.

We can't purge this fucking language from our lives fast enough.

>But javascript is the most popular language right now
I want out of this timeline

JS 50yboy decided to give maintainership to a literal who, had his project compromised and microkikes are blaming the source being open for some reason.

/ourguy/ goes to medium and BTFO's one of those JS numales. Pretty hilarious imo

Damn, he mad

>u-ure rite
>u-ure rite
>but y u so meanie
What a fucking cuck.

JS fags are low energy by default

this. put competent folks at the helm.

Pretty clever desu.

with this and CoCs its over
stallman was wrong
im going back to proprietary

Say “well, I haven’t worked on this in a million years, if you care so much, you contact npm support”

meet you there my man

>im going back to proprietary
>going back
So let's see your open source project. Fucking LARPer. Get out.

have you seen npm and how it gets used?
people trust random updates left right and center
even an /end user/ building something using it might be silently downloading developer-unseen/untested code

The Apple Macbook Pro does not have this problem. I wonder why :^)