cm0002@europe.pub to Linux@programming.dev · 1 day agoThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comexternal-linkmessage-square36linkfedilinkarrow-up1161arrow-down14cross-posted to: linux@lemmy.ml
arrow-up1157arrow-down1external-linkThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comcm0002@europe.pub to Linux@programming.dev · 1 day agomessage-square36linkfedilinkcross-posted to: linux@lemmy.ml
minus-squareMihies@programming.devlinkfedilinkarrow-up11·17 hours agoGood luck with checking all dependencies as a developer, bonus points for JavaScript. You’ve just become a 98% less effective. But seriously, how would you check everything? And if you stumble upon malicious code, would you even recognize it?
minus-squaredevfuuu@lemmy.worldlinkfedilinkarrow-up5arrow-down3·13 hours agoNobody sane should be installing js code in their systems. Nor having node or even npm installed.
minus-squareHaraldvonBlauzahn@feddit.orglinkfedilinkarrow-up3arrow-down2·16 hours ago Good luck with checking all dependencies as a developer, bonus points for JavaScript. Yes I know well that JavaScript development practices are unsustainable. And at some point, chickens will come home to roost. For my part, I focus on minimalist, well defined systems, both as a user and developer. And trust where it is reasonable - not by default.
minus-squareVictor@lemmy.worldlinkfedilinkarrow-up1·16 hours agoExactly, I wouldn’t know what I was looking at probably. We don’t really learn malicious programming at uni.
Good luck with checking all dependencies as a developer, bonus points for JavaScript. You’ve just become a 98% less effective. But seriously, how would you check everything? And if you stumble upon malicious code, would you even recognize it?
Nobody sane should be installing js code in their systems. Nor having node or even npm installed.
Yes I know well that JavaScript development practices are unsustainable.
And at some point, chickens will come home to roost.
For my part, I focus on minimalist, well defined systems, both as a user and developer. And trust where it is reasonable - not by default.
Exactly, I wouldn’t know what I was looking at probably. We don’t really learn malicious programming at uni.