Comment by tjpnz
4 days ago
This is a cultural problem created through a fundamental misunderstanding (and mis-application) of Unix philosophy. As far as I'm aware, the Rust ecosystem doesn't have a problem appropriately sizing packages, which in turn reduces the overall attack surface of dependencies.
It's kinda funny because "Unix philosophy" was never a coherent thing in the first place. Arguably Plan 9 came the closest to that in practice, but, well, you might note it didn't exactly have a strong uptake. Unix itself is a pile of hacks though, and it's both sad and amusing to watch people trying to divine some kind of methodology out of that.
This has nothing to do with package sizes. Cargo was just hit with a phishing campaign not too long ago, and does still use tokens for auth. NPM just has a wider surface area.
I agree, but imo the Rust ecosystem has the same problem. Not to the extent of NPM, but worse than C/C++.