
Am I the only one that sees so many third-party dependencies and gets nervous? All it takes is one bad plugin or maintainer change for your entire system to be owned.



You are definitely not the only one.

It's wild to me the extent to which some devs just sorta volunteer for RCE.

And often, for the most superficial of reasons? "Oooh, this plugin adds emoji error messages!" one hundred and forty-three black-box dependencies from anonymous GitHub accounts later...


I agree-- though I've been downvoted for the comment. I guess Jia Tan is a user here ;p



