Comment by waterTanuki
25 days ago
What exactly do you think the argument is?
The issues have everything to do with npm as a platform and nothing with JS as a language. You can use JS without npm. Saying you'll escape supply chain attacks by not using JS is like saying you'll be saved from an car crash with a parachute.
Well, this particular case could be wholly avoided if it didn't take 2 decades to get competent HTTP(S) client into core language
JS as a language is part of the problem because the standard library is so minimal that people need to use a lot more 3rd party libraries than they would in most popular languages.