I just noticed "foreach" on npm is controlled by a single maintainer.
I also noticed they let their personal email domain expire, so I bought it before someone else did.
I now control "foreach" on NPM, and the 36826 projects that depend on it.
@wolf480pl Preventing other people from using it is enough. That and using it as a chance to educate people on why they can't trust NPM.
@technicallypossible @wolf480pl I don't recommend trusting me... or any single individual, with this kind of power. If someone asks me nicely with a rubber hose, I will be obliged to hand over access. There is a reason the name of my company is "Distrust". Distrust should lead to Distributed Trust. Demand multisig code reviews, and multisig reproducibly built releases for anything that matters.
@lrvick Trust Issues as a Service (TIaaS) is like Zero Trust, but better. Maybe you should just replace the package with a link to MDN's entry on the regular foreach 🤷
@lrvick So basically there are no signature checks on packages on npm? Why am I not surprised?
@lrvick@mastodon.social foreach sounds like a package that you shouldn't need with Array.prototype.forEach :blobfoxthonking:
@lrvick Do any Fossil Fuel companies use ForEach or any of its dependent packages, I wonder?
@seachaint @lrvick They're probably still using an all-Java back-end. They sank so much money into instrumentation and monitoring of the JVM they're not going to change anytime soon. Also, don't tell them you know anything more modern. They will probably not hire you.
@patterfloof @lrvick I'm terribly amused when I see node devs adding dependencies for stuff like this, meanwhile my "fun" project has a custom json parser/emitter with entity inheritance, a reimplementation of gettext, a curses-to-windows-terminal API adapter, and internal implementations of several c++ std types.
@kevingranade @lrvick there's so many times I've written my own functions in PHP because "it's a small understandable problem, not worthy of a library" then later found I could have picked up someone else's code & spent ages massaging it to work
@lrvick make it print a rickroll to console every time a function from the package is called
@lrvick foreach is a separate module??? a standard part of any other programming language .. smh. yeah, and that's why node is not installed globally on any of my systems.
@lrvick what do you plan to do with such power?