Would be funnier without the LLM slop
Where’s that slop image coming from? Did you seriously generate a slop image to add to this post?
“npm” is an abbreviation of the package vetting methodology.
No Process, Motherf***er
Do other package managers prevent this?
It has nothing to do with the package manager and everything to do with JS being a very widely used language, mostly by rather inexperienced web devs.
The problem isn’t the package manager. Many small dependency packages multiply the attack surface of the “supply chain”. (It isn’t even a supply chain when a dude open-sources his code as-is and then a company decides to build their whole business on it.)
I pulled in a webcomponent at work and got 300 plus deps. Fml.