hoppp 5 hours ago

They are. Any language that depends heavily on package managers and lacks a standard lib is vulnerable to this.

At some point people need to realize and go back to writing vanilla js, which will be very hard.

The rust ecosystem is also the same. Too much dependence on packages.

An example of doing it right is golang.

simiones 2 hours ago | parent | next [-]

The solution is not to go back to vanilla JS, it's for people to form a foundation and build a more complete utilities library for JS that doesn't have 1000 different dependencies, and can be trusted. Something like Boost for C++, or Apache Commons for Java.

pixl97 3 hours ago | parent | prev | next [-]

>and go back to writing vanilla js

Lists of things that won't happen. Companies are filled with node_modules importers these days.

Even worse, now you have to check for security flaws in that JS that's been written by node_modules importers.

That, or someone could write a standard library for JS?

rs186 4 hours ago | parent | prev | next [-]

Python and Rust both have decent std lib, but it is just a matter of time before this happens in those ecosystems. There is nothing unique about this specific attack that could only happen in JavaScript.

BrouteMinou 4 hours ago | parent | prev [-]

C#, Java, and so on.