[GoLUG] Writing an internet server
Barry Fishman
barry at ecubist.org
Wed Aug 20 21:19:31 EDT 2025
On 2025-08-20 14:54:54 -07, Ron wrote:
> Barry Fishman wrote on 2025-08-19 14:03:
>
>>> If you mean Node repos, yes it has been targeted a lot due to its
>>> popularity.
>> It also has had a history of lacking oversight in keeping
>> dangerous software out of it.
>
> Yeah, it has had (more than?) its share of problems.
>
> Open repos are susceptible to such things and it's hard to curate it
> other than through user feedback. At 3.1+ million packages (according
> to ChatGPT), is it possible to have oversight?
Do we really need to have 3.1+ million packages without any curation as the
repository used for all JS development? Couldn't independently reviewed
repositories exist, so people building websites could have some
validation that the software they use has had at least some
vetting? This is not a social media site.
--
Barry Fishman