• grue@lemmy.world
    2 days ago

    We laugh about AI deleting all the shit, but every day there’s a new npm package ready to exfiltrate all your data, upload it to a server and encrypt your home. How do you protect yourself against that?

    Yes, by not using npm either.

      • grue@lemmy.world
        2 days ago

        I’m absolutely serious, though: JavaScript should be considered harmful and abolished in its entirety. This is only one reason among many.

        (Granted, libraries for other programming languages could have the same issue, in theory; however, programmers of most other languages don’t have a culture of adding dependencies willy-nilly to the same extent JavaScript devs seem to.)

        • Miaou@jlai.lu
          1 day ago

          Every fucking language besides C++ has a proper package manager people use constantly. And Conan exists for C++ if you want to push the definition of “proper”.

          Replace JS with OCaml, Haskell, anything dotnet, Java, Go, Rust, Python, Ruby, etc. if you prefer.

        • onlinepersona@programming.dev
          2 days ago

          JavaScript just made it very easy to add libraries. I bet you if C++ had an ecosystem as easy to use as JavaScript, it would be the wildest mess you could imagine. Someone would create a package chock full of generics that sends your credentials to a foreign server during compilation but outputs a completely fine binary. But making dependency management easy in C++ would kill the elitist allure to the language and we can’t have that now, can we?