| ▲ | everdrive 3 hours ago | |
Javascript is badly over-used and over-depended on. So many websites just display text and images, but have extremely heavy javascript libraries because that's what people know and that is part of the default, and because it enables all the tracking that powers the modern web. There's no benefit to the user, and we'd be better off without these sites existing if there were really no other choice but to use javascript. | ||
| ▲ | mrweasel 2 hours ago | parent | next [-] | |
NPM does seem vastly over represented in these type of compromises, but I don't necessarily think that e.g. pypi is much better in terms of security. So you could very well be correct that NPM is just a nicer, perhaps bigger, target. If you can sneak malware into a JavaScript application that runs in millions of browsers, that's a lot more useful that getting a some number servers running a module as part of a script, who's environment is a bit unknown. Javascript really could do with a standard library. | ||
| ▲ | spoiler 20 minutes ago | parent | prev [-] | |
> So many websites just display text and images Eh... This over-generalises a bit. That can be said of anything really, including native desktop applications. | ||