jacquesm 7 hours ago
> That you even reach for that comparison is indicative of the deep rot in JavaScript culture.

Sorry? No, I'm the guy that does write all of his code from scratch so you're entirely barking up the wrong tree here. I am just realistic in seeing that people are not going to write more code than they strictly speaking have to because that is the whole point of using Node in the first place. The Assembly language example is just to point out the fact that you could plug in at a lower level of abstraction but you are not going to because of convenience, and the people using Node.js see it no differently.

JS is a perfectly horrible little language that is now being pushed into domains where it has absolutely no business being used (I guess you would object to running energy infrastructure on Node.js and please don't say nobody would be stupid enough to do that).

Node isn't fine; it needs a serious reconsideration of the responsibilities of the ecosystem maintainers. See also: Linux, the BSDs and other large projects for examples of how this can be done properly.

notpachet 7 hours ago
I feel like there are merits to your argument but that you have a larger anti-JS bias that's leaking through. Not that there aren't problems with Node itself, but as many people have pointed out, there are plenty of organizations writing in Node that aren't pwn'd by these sorts of attacks because we don't blindly update deps. Perfect is the enemy of good; dependency cooldown etc. is enough to mitigate the majority of these risks.