We laugh about AI deleting all the shit, but every day there’s a new npm package ready to exfiltrate all your data, upload it to a server and encrypt your home. How do you protect yourself against that?
Yes, by not using npm either.
That’s a meme response. I can snicker, but it really doesn’t solve anything.
I’m absolutely serious, though: JavaScript should be considered harmful and abolished in its entirety. This is only one reason among many.
(Granted, libraries for other programming languages could have the same issue, in theory; however, programmers of most other languages don’t have a culture of adding dependencies willy-nilly to the same extent JavaScript devs seem to.)
JavaScript just made it very easy to add libraries. I bet you if C++ had an ecosystem as easy to use as JavaScript, it would be the wildest mess you could imagine. Someone would create a package chock full of generics that sends your credentials to a foreign server during compilation but outputs a completely fine binary. But making dependency management easy in C++ would kill the elitist allure to the language and we can’t have that now, can we?