Comment by nothinkjustai
1 day ago
Remember how the White House published that document on memory safe languages? I think it’s time they go one step further and ban new development in JavaScript. Horrible language, horrible ecosystem, and horrible vulns.
Supply chain attacks aren't exclusive to JS just like malware isn't exclusive to Windows, it's just that JS/Windows is more popular and widespread. Kill JS and you will get supply chain attacks on the next most popular language with package managers. Kill Windows and you will get a flood of Linux/MacOS malware.
Maybe language-based package managers aren't great. Also, npm has design decisions that make it especially prone to supply chain attacks, iirc.
JS apps need more direct dependencies and transitives to do basic things vs. other languages.