Hacker News new | past | comments | ask | show | jobs | submit login

What could potentially happen with a malicious dependency added knowingly by the original author or unknowingly because his account is compromised will one day make leftpad look like a harmless warning / near escape we ignored.

Sure, leftpad broke productivity for one day. But the continued willful ignorance we show towards "yet another dependency" will kill us one day.

There is work happening in creating notary etc. Github/Microsoft is in a very good position to solve this. I hope they take the opportunity.

The sad thing is that it already happened 2 years ago [1]. And nothing changed apart from some general apathy on the interwebs.

The JavaScript ecosystem is past the point of no return right now. Any improvements will only be band-aids.

[1] - https://www.trendmicro.com/vinfo/dk/security/news/cybercrime...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact