| |
| ▲ | fabioborellini 4 days ago | parent | next [-] | | Yes, with the difference that Google would have to be compromised in order to poison the go distributable containing fmt tool. With js, it’s enough to poison any single one of the 1400 dependencies of the linter | | |
| ▲ | pjmlp 4 days ago | parent | next [-] | | I forgot that even though fmt will never suffer from middle man attacks downloading the Go toolchain, the standard library already covers 100% of the uses cases someone cares about using Go for, and no one is using CGO. | | |
| ▲ | DanielHB 4 days ago | parent [-] | | I used to use CGO quite a lot in linux-embedded environment. And we had huge dependency chains as well to non-standard library stuff, nowhere near as bad as an average nodejs project but still not free from the problem. |
| |
| ▲ | homebrewer 4 days ago | parent | prev [-] | | Use biome, it doesn't have any external dependencies. eslint should have been put to rest a long time ago. | | |
| ▲ | prmph 4 days ago | parent | next [-] | | Good advice. That was my conclusion as well after years of fighting with eslint. | |
| ▲ | thrown-0825 4 days ago | parent | prev [-] | | someone else recommended this too, I'll give it a shot next time I'm in js land. | | |
| ▲ | DanielHB 4 days ago | parent [-] | | We added biome to our project, now we have eslint, prettier and biome in the project. Seriously though it is nice, but migrating away from your existing tooling is painful and underappreciated. |
|
|
| |
| ▲ | thrown-0825 4 days ago | parent | prev [-] | | go std lib being compromised would be a pretty major achievement |
|
