• colonial@lemmy.world
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    1 year ago

    At some point, npm supply chain attacks are going to stop being news and start being “Tuesday.”

    … JS on the backend was a mistake.

      • kattenluik@feddit.nl
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        It wouldn’t have been if it kept to the original purpose of some simple tasks and such, but we can’t have nice things.

      • colonial@lemmy.world
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        True, but it’s uniquely bad in the JS world. Developers tend to rely on libraries in almost cartoonish excess.

        • The language is shit in general, leading to an endless parade of frameworks and packages designed to paper over the sore spots.
        • The lack of a well-rounded One True Standard Library™ means lots of trivial functionality needs to come from somewhere.
        • Micro-dependencies are commonplace, leading to bloated dependency trees. I’d guess this is caused by a combination of both culture and the fact that you often want your JS artifacts to be as lean as possible.