slacker news
NPM debug and chalk packages compromised (www.aikido.dev)
1369 points | universesquid | 1 comments | 08 Sep 25 15:37 UTC
source
https://github.com/advisories/GHSA-8mgj-vmr8-frr6
stathibus | 08 Sep 25 16:00 UTC | No. 45169926 | >>45169657 (OP)
As an outsider to the npm ecosystem, reading this list of packages is astonishing. Why do js people import someone else's npm module for every little trivial thing?
1. socalgal2 | 08 Sep 25 17:16 UTC | No. 45170953 | >>45169926
Same reason they do in Rust.
The Rust docs, a static site generator, pull in over 700 packages.
Because it’s trivial and easy.