this post was submitted on 19 May 2026
146 points (94.0% liked)
Programming Humor
3432 readers
Related Communities !programmerhumor@lemmy.ml !programmer_humor@programming.dev !programmerhumor@kbin.social !programming_horror@programming.dev
Other Programming Communities !programming@beehaw.org !programming@programming.dev !programming@lemmy.ml !programming@kbin.social !learn_programming@programming.dev !functional_programming@programming.dev !embedded_prog@lemmy.ml
founded 2 years ago
The problem isn't the package manager. Many small dependency packages multiply the attack surface of the "supply chain". (It isn't even a supply chain when a dude open-sources his code as-is and then a company decides to build their whole business on it.)
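To put a number on the "many small packages multiply the attack surface" point, here is an added example (not from the thread or from any real project): it walks a constructed dependency graph shaped like a lockfile's package map and reports how three direct dependencies fan out into transitive packages and distinct publishing accounts, and which single package would reach the most of the tree if its maintainer were compromised. All package and maintainer names are invented for illustration.

```python
"""
Added example, not part of the original thread: measure the fan-out of a
dependency tree and the blast radius of a compromised package.
Every package name and maintainer in GRAPH is constructed for illustration.
"""
from collections import deque

# Constructed graph: package -> (maintainer account, direct dependencies).
# The shape mimics a lockfile's "packages" map; the contents are invented.
GRAPH = {
    "webapp":          ("acme-corp", ["http-server", "template-engine", "logger"]),
    "http-server":     ("alice",     ["router", "mime-lookup", "is-number"]),
    "template-engine": ("bob",       ["escape-html", "is-string"]),
    "logger":          ("carol",     ["ansi-colors", "is-number"]),
    "router":          ("alice",     ["path-match", "is-string"]),
    "path-match":      ("dave",      ["is-string", "trim-left"]),
    "mime-lookup":     ("erin",      []),
    "escape-html":     ("frank",     []),
    "ansi-colors":     ("grace",     ["is-number"]),
    "is-number":       ("heidi",     []),
    "is-string":       ("heidi",     []),
    "trim-left":       ("ivan",      []),
}


def transitive_deps(graph, root):
    """All packages reachable from root (root itself excluded), by BFS."""
    seen = set()
    queue = deque(graph[root][1])
    while queue:
        pkg = queue.popleft()
        if pkg in seen:
            continue
        seen.add(pkg)
        queue.extend(graph[pkg][1])
    return seen


def maintainers_of(graph, packages):
    """Distinct accounts whose publish rights cover the given packages."""
    return {graph[p][0] for p in packages}


def summarize(graph, root):
    """Direct vs. transitive package count and the number of accounts trusted."""
    closure = transitive_deps(graph, root)
    return {
        "direct": len(set(graph[root][1])),
        "transitive": len(closure),
        "maintainers": len(maintainers_of(graph, closure)),
    }


def blast_radius(graph, root, compromised_pkg):
    """Packages in root's tree (root included) that would ship code from
    compromised_pkg, i.e. the package itself plus everything depending on it."""
    closure = transitive_deps(graph, root) | {root}
    return {
        pkg for pkg in closure
        if pkg == compromised_pkg or compromised_pkg in transitive_deps(graph, pkg)
    }


def riskiest(graph, root):
    """Transitive packages ranked by how much of root's tree they can reach."""
    closure = transitive_deps(graph, root)
    return sorted(
        ((len(blast_radius(graph, root, p)), p) for p in closure), reverse=True
    )


if __name__ == "__main__":
    print(summarize(GRAPH, "webapp"))
    for size, pkg in riskiest(GRAPH, "webapp")[:3]:
        print(f"{pkg}: compromise reaches {size} packages ({GRAPH[pkg][0]})")
```

Run against a real lockfile, the same walk usually shows a handful of direct dependencies expanding into hundreds of packages and dozens of publishing accounts, and the leaf "is-something" helpers near the bottom of the ranking tend to sit at the top of the blast-radius list precisely because everything above them pulls them in.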