I think the main concern here is that it isn't that the language is too permissi... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		akhmatova on April 11, 2022 \| parent \| context \| favorite \| on: Node.js packages don't deserve trust I think the main concern here is that it isn't that the language is too permissive -- but that the primary installer (and what many people cite as one of the greatest strengths of JS, largely responsible for ushering in its Golden Age) -- is structurally (and perhaps irreparably) insecure. Whether this is really so (and in a significant way compared to its other competitors, out in dynamic programming land) -- is what people seem to be trying to suss out in this thread.

bastawhiz on April 11, 2022 | [–]

The top comment mentions Deno, which doesn't have NPM or even use a package manager. So I'm not sure how the "installer" is the relevant problem

johnny22 on April 11, 2022 | [–]

how is it any less problematic than python or ruby in this regard?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact