That's a problem with all open source software though. Heartbleed comes to mind. This problem may be compounded a bit by the fact that npm has such a low barrier to entry due to its simplicity.
Though saying other open source software is secure due to a higher barrier to entry feels like security by obscurity, particularly since that higher barrier is often not higher because it's insisted on being high-quality, tested code, but just because it involves greater complexity in actually submitting it to be distributed.