
Comment by minkles

2 years ago

Yeah, this. When I see one of our pipelines pull in 300 npm packages, I wonder how much we really know about what our systems do.

Heh, I work in a sector that works with some very large companies we all know the names of. I've seen applications that are seemingly very little code written by them but hundreds or thousands of packages/modules glued together. It is quite common that the tooling they use catches 'low reputation' packages where they've actually put the wrong package name in, then, when it didn't work, added the package they needed but didn't remove the misnamed package.

Completely terrifying to me.
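The pattern the comment describes (a misspelled package name left in the manifest next to the package that was actually wanted) can be surfaced with two cheap checks that run before any "reputation" service is consulted: which declared dependencies are never imported anywhere in the source tree, and which pairs of declared names are near-duplicates of each other. The script below is an added example written for this page, not the commenter's tooling or any real project's code; the `package.json` text and the source files it scans are constructed inline, and the import-matching regex, the `0.8` similarity threshold and the `audit_manifest` function name are choices of this example.

```python
import json
import re
from difflib import SequenceMatcher

# Constructed sample manifest: "loadsh" is a typo of "lodash" that was never
# removed after the correct package was added. Not taken from a real project.
SAMPLE_PACKAGE_JSON = """{
  "name": "example-app",
  "dependencies": {
    "lodash": "^4.17.21",
    "loadsh": "^0.0.4",
    "express": "^4.18.2",
    "left-pad": "^1.3.0"
  },
  "devDependencies": {
    "jest": "^29.0.0"
  }
}"""

# Constructed sample sources, keyed by path. Only lodash and express are used.
SAMPLE_SOURCES = {
    "src/app.js": "const express = require('express');\nconst _ = require('lodash');\n",
    "src/util.js": "import { chunk } from 'lodash/chunk';\n",
}

# Matches require('x'), import ... from 'x' and bare import 'x' (assumed-adequate
# heuristic; a real tool would use a JS parser).
IMPORT_RE = re.compile(
    r"""(?:require\(\s*['"]|\bimport\b[^'"]*?from\s*['"]|\bimport\s*['"])([^'"]+)['"]"""
)


def declared_dependencies(package_json_text, sections=("dependencies",)):
    """Return {name: version} for the requested manifest sections.

    devDependencies are excluded by default: build tools are legitimately never
    imported by application code and would only add noise to the unused check.
    """
    data = json.loads(package_json_text)
    deps = {}
    for section in sections:
        deps.update(data.get(section, {}))
    return deps


def package_name(specifier):
    """Reduce an import specifier to its package name, or None for relative paths.

    'lodash/chunk' -> 'lodash', '@scope/pkg/sub' -> '@scope/pkg', './local' -> None
    """
    if specifier.startswith("."):
        return None
    parts = specifier.split("/")
    if specifier.startswith("@") and len(parts) >= 2:
        return "/".join(parts[:2])
    return parts[0]


def imported_packages(sources):
    """Collect the set of package names referenced by any source file."""
    used = set()
    for text in sources.values():
        for match in IMPORT_RE.finditer(text):
            name = package_name(match.group(1))
            if name:
                used.add(name)
    return used


def unused_dependencies(declared, used):
    """Declared packages that no source file imports: candidates for removal."""
    return sorted(set(declared) - used)


def lookalike_pairs(declared, threshold=0.8):
    """Pairs of declared names that are suspiciously similar to each other.

    A misspelled name sitting beside its correctly spelled twin scores high here;
    the threshold is a tunable heuristic, not a published standard.
    """
    names = sorted(declared)
    pairs = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if SequenceMatcher(None, a, b).ratio() >= threshold:
                pairs.append((a, b))
    return pairs


def audit_manifest(package_json_text, sources):
    """Run both checks and return the findings as a plain dict."""
    declared = declared_dependencies(package_json_text)
    used = imported_packages(sources)
    return {
        "unused": unused_dependencies(declared, used),
        "lookalikes": lookalike_pairs(declared),
    }


if __name__ == "__main__":
    print(json.dumps(audit_manifest(SAMPLE_PACKAGE_JSON, SAMPLE_SOURCES), indent=2))
```

On the constructed input the unused check reports both `loadsh` and `left-pad`, and the lookalike check pairs `loadsh` with `lodash`; a finding that appears in both lists is exactly the "wrong name added, right name added, wrong name never removed" case. Pointing the same two functions at a real `package.json` and a walk of the source tree is a small change, and the output is a review list for humans, not an automatic removal.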