Hundreds of code libraries posted to NPM try to install malware on dev machines
These are not the developer tools you think they are.
This should kill off NPM
You'd be surprised to see how many common libraries have vulnerabilities every week.
As well as how many common JS libraries, while not malicious, have no business existing (ex. IsEven).
Why stop there? Let's just kill JS in its entirety.
Not really a language-specific problem. Like, there are numerous languages that have distribution mechanisms for libraries that might potentially be malicious.
Only way I can think that the language might be a factor would be if a language were designed to only run in a restricted mode.
Not really a language-specific problem, but why should that stop us from this goal?
Exactly
You must be very smart.