What could possibly go wrong

alphacyberranger@sh.itjust.works · 1 year ago

What could possibly go wrong

kamen@lemmy.world · 1 year ago

Left pad is a good example of why you shouldn’t.

magic_lobster_party@kbin.social · 1 year ago

Event stream as well. TL;DR: popular npm library get infested with Bitcoin stealing code.

https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident

Caboose12000@lemmy.world · 1 year ago

can you elaborate

v1605@lemmy.world · 1 year ago

https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code

Feirdro@lemmy.world · 1 year ago

This was excellent, but conveniently left off any discussion that npm can “un-un-publish” a programmer’s code against their wishes, and apparently without repercussions?

Fuck npm, I guess.

mexicancartel@lemmy.dbzer0.com · 1 year ago

Absolutely they can un-unpublish since the programmer has given everyone the rights to use his code wherever they want, with its open license. Npm can actually use the older version of the code and give it to everyone. Its actually a good thing

Feirdro@lemmy.world · 1 year ago

Right, the “open” part of open source.

DarkenLM@kbin.social · 1 year ago

Thank fuck for that, cause if they didn’t faker.js and node-ipc would have caused a lot of trouble, with the developers adding malware to a new version and later deleting the entire packages, breaking tons of projects. And those were everything but small packages.

Anonymousllama@lemmy.world · 1 year ago

All for the greater good, especially if it’s the choice between one guy’s desire to nuke their own code VS tens / hundreds of thousands of projects that depend on it.

Johannes Jacobs@lemmy.jhjacobs.nl · 1 year ago

That was a rather nice read :) thank you!

milkjug@lemmy.world · 1 year ago

Thank you for sharing this. I learn something new everyday, much appreciated.