I feel like there are merits to your argument but that you have a larger anti-JS bias that's leaking through. Not that there aren't problems with Node itself, but as many people have pointed out, there are plenty of organizations writing in Node that aren't pwn'd by these sorts of attacks because we don't blindly update deps.

Perfect is the enemy of good; dependency cooldown etc is enough to mitigate the majority of these risks.

▲

jacquesm 7 hours ago | parent | next [-]

> I feel like there are merits to your argument but that you have a larger anti-JS bias that's leaking through.

Familiarity breeds contempt.

▲

notpachet 6 hours ago | parent | next [-]

The truth is typically somewhere in the middle. I feel you though. I'm that way with Ruby/Bundler.

▲

user34283 3 hours ago | parent | prev [-]

What's the problem?

I think JS is great. It's simple, anybody can use it.

TypeScript is excellent too. The structural type system is very convenient.

It's not going to replace Rust in cases where performance is essential or where you want strict runtime type checking or whatever, but for general use and graphical applications JS seems like a great pick.

I often hear people complain about JS, but really, how is it any worse than say Python?

	▲	jacquesm an hour ago \| parent [-]
		> I often hear people complain about JS, but really, how is it any worse than say Python? That's not the flex you think it is.

▲

acheron 5 hours ago | parent | prev [-]

Reality has an anti-JS bias.