undefined | Better HN

0 pointsmotorest7mo ago0 comments

> (...) but a particularly paranoid interpretation is that this person is setting up for a massive, multi-pronged software supplychain attack.

That person might not be doing it knowingly or on purpose, but regardless of motivations that is definitely what is being done.

0 comments

whilenot-dev7mo ago

A package "for-each"[0] that depends on a package "is-callable"[1], just to make forEach work on objects? Nope, not buying the goodwill here.

[0]: https://www.npmjs.com/package/for-each

[1]: https://www.npmjs.com/package/is-callable

whilenot-dev7mo ago

To be fair, he himself removed his unnecessary dependency that caused the explosion of dependencies: https://github.com/A11yance/aria-query/commit/ee003d2af54b6b...

EDIT: Oops, he just did the changelog entry. The actual fix was done by someone else: https://github.com/A11yance/aria-query/commit/f5b8f4c9001ba7...

motorestOP7mo ago

Older browsers don't support foreach, so it's not like a polyfill is unheard of

https://caniuse.com/?search=foreach

whilenot-dev7mo ago

Are you serious here? It isn't a polyfill, it's supposed to work on plain objects which isn't part of the spec at all. Besides that, Array.prototype.forEach is only unsupported in Android Browser 4.3 (from July 2013) and IE8 (from May 2008). Seems like a weird reasoning to add it to packages in 2025.

2 more replies

karel-3d7mo ago

ljharb has commit rights (edit: maybe? maybe not. not sure) to nodejs itself

https://github.com/nodejs/node/issues/55918

so.. I don't know. if he wanted to bad he would already

j / k navigate · click thread line to collapse

0 comments

whilenot-dev7mo ago

A package "for-each"[0] that depends on a package "is-callable"[1], just to make forEach work on objects? Nope, not buying the goodwill here.

[0]: https://www.npmjs.com/package/for-each

[1]: https://www.npmjs.com/package/is-callable

whilenot-dev7mo ago

To be fair, he himself removed his unnecessary dependency that caused the explosion of dependencies: https://github.com/A11yance/aria-query/commit/ee003d2af54b6b...

EDIT: Oops, he just did the changelog entry. The actual fix was done by someone else: https://github.com/A11yance/aria-query/commit/f5b8f4c9001ba7...

motorestOP7mo ago

Older browsers don't support foreach, so it's not like a polyfill is unheard of

https://caniuse.com/?search=foreach

whilenot-dev7mo ago

2 more replies

karel-3d7mo ago

ljharb has commit rights (edit: maybe? maybe not. not sure) to nodejs itself

https://github.com/nodejs/node/issues/55918

so.. I don't know. if he wanted to bad he would already

j / k navigate · click thread line to collapse