this post was submitted on 19 May 2026
146 points (94.0% liked)

Programming Humor

[–] mogoh@lemmy.ml 3 points 6 days ago (2 children)

Do other package managers prevent this?

[–] gandalf_der_12te@feddit.org 4 points 5 days ago

it has nothing to do with the package manager and everything with JS being a very widely used language mostly by rather inexperienced web devs.

[–] kopasz7@sh.itjust.works 4 points 6 days ago

The problem isn't the package manager. Many small dependency packages multiply the attack surface of the "supply chain". (It isn't even a supply chain when a dude open-sources his code as-is, then a company decides to build their whole business on it.)