Roblox Game Devs Duped by Malicious npm Packages

abobla@lemm.ee to Programming@programming.dev – 76 points –
Roblox Game Devs Duped by Malicious npm Packages
cyber-oracle.com

At some point, npm supply chain attacks are going to stop being news and start being "Tuesday."

... JS on the backend was a mistake.

JS was a mistake.

It wouldn't have been if it kept to the original purpose of some simple tasks and such, but we can't have nice things.

JS on the backend was a mistake.

Typosquatting is not unique to JS.

True, but it's uniquely bad in the JS world. Developers tend to rely on libraries in almost cartoonish excess.

  • The language is shit in general, leading to an endless parade of frameworks and packages designed to paper over the sore spots.
  • The lack of a well-rounded One True Standard Library™ means lots of trivial functionality needs to come from somewhere.
  • Micro-dependencies are commonplace, leading to bloated dependency trees. I'd guess this is caused by a combination of both culture and the fact that you often want your JS artifacts to be as lean as possible.