DEV Community

Discussion on: Another Npm Package Is Highjacked and It's Your Fault That This Happened

Adam Crockett • Edited on

I just don't see how humans can check all of this; it's not possible in the timescale of a human lifetime. I'd rather pay somebody to write an AI to do it for a fraction of the cost.

The Sharp Ninja

For one thing, there needs to be major consolidation of NPM packages. Curated meta-packages that would be maintained by a team of paid devs. Yes, you would have to pay to use the curated feed and packages; that's how you actually get enough quality eyeballs on the code to make it work.