HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jinseokim

no profile record

comments

jinseokim
·4 anni fa·discuss
Whole npm ecosystem is so fragile.

Remember event-stream[1]? Did we learned something from that? Yes, we might. So was it improved? Never. People are still installing 'new' colors package and wondering why its texts are broken.

What if he uploaded malicious code rather than just just gibberish? What if he uploaded on only npm and not on GitHub? Would we even notice that?

[1]: https://github.com/dominictarr/event-stream/issues/116
jinseokim
·5 anni fa·discuss
It seems to be 403 happens.

Quick test: https://s3.us-east-2.wasabisys.com/static.wiki/en.db