Hacker News new | past | comments | ask | show | jobs | submit login

> I use an ancient library to perform some math.

Anyone can cherry-pick examples to try to disprove a security principle. A pure, functional math library isn't representative of the vast, vast majority of libraries that are imported every day.

The most-used libraries across languages are for things like database access, logging, package management, HTTP, and (de)serialization. All of those things need to be kept updated for security.

> Can someone explain why it is insecure and what updates are needed to complex algos to make them so? When looking at the code it is pure computation.

You didn't specify the language or library.

Most libraries that people import are going to be JS, just because of the number of JS users and the minimal standard library in that language. Many are also going to operate on user input, which means they can have vulnerabilities.

The mathjs package in NPM, for example, has had tons of vulnerabilities[1].

1. https://security.snyk.io/package/npm/mathjs


C++ library, forgot the name, need to look.

The NPM system is a security abomination, I agree. But I am not using it. I look at things from my own perspective. If 90% of the world's programmers are bound to the NPM ecosystem (I doubt it), it is their problem. Not mine. I do not "import" half of the Internet for my "hello worlds".

