Erik_
I think there in lies the issue with Javascript in that case
Mon Nov 01, 2021 2:18am
68.129.13.241

Most languages have a standard library or an equivalent but Javascript doesn't really have an official one. This leads to packages being created to fill this void. Which is fine, but sometimes people hijack these "standard" packages used by many and introduce vulnerabilities or malware into them on purpose for dubious reasons. I'm not saying it's common but I've seen articles multiple times over the past year or so pop up about some "x" package getting compromised that has "x" amount of users depending on it.

It would be nice if some later iteration of Javascript came out with a std lib as a language feature but perhaps it's too late and that ship has sailed.


I have to add though, that day to day (besides COBOL and hobby stuff) I work solely in Java and sometimes Perl at work so my knowledge of the JS world is just what I've read in articles... I'm sure someone who has a more first hand interaction with the JS ecosystem would be better to chime in...

    • Wow... You never know what people show they need. - Puckdropper, Sun Oct 24 2021 4:34am
      I guess that could be a good programming language feature. After all, you're better off with well used libraries than you are writing your own in most cases. (The number of "Apps" on Android that are rewritten versions of other apps--with no more features or even a different design is staggering. ... more
      • I think there in lies the issue with Javascript in that case- Erik_, Mon Nov 01 2021 2:18am
        • It's not too late... - Puckdropper, Mon Nov 01 2021 3:19am
          They just have to create an official standard library. It'd work kinda like CPAN: You don't get them included with the library but they're easily accessible from a trusted place.
  • Click here to receive daily updates
    "Forces act when not restrained" - Puckdropper