It's a mixture of many things in my opinion.
Maintainers that aren't paid and get fed up at some point, carelessness, the absence of a vetting system or a network of trust, the absence of static security analysis, the absence of a standard library, the culture of writing small modules for everything (search for the "is true" package).
There's a thread going around where a developer counted that the react starter kit installs 1700 packages. Most of them are transitive dependencies.
The package in question is a transitive dependency of transitive dependencies; most people don't even know it exists.
The graph of most packages, not just frameworks, is just stupid.
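An added example, not from the comment above or any real project, showing how to check the transitive-versus-direct split the comment describes in your own lockfile: it walks a package-lock.json "packages" map and reports how deep each package sits and which chain pulls it in. The lockfile and every package name here are constructed; it assumes the hoisted layout where each dependency resolves to "node_modules/<name>".

```javascript
// Constructed lockfile (v3 "packages" layout); names are made up for illustration.
const lock = {
  name: "starter-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "web-framework": "^1.0.0", "lint-tool": "^2.0.0" } },
    "node_modules/web-framework": { version: "1.0.0",
      dependencies: { "router": "^3.0.0", "is-positive-number": "^1.0.0" } },
    "node_modules/router": { version: "3.0.0", dependencies: { "path-matcher": "^0.1.0" } },
    "node_modules/path-matcher": { version: "0.1.0",
      dependencies: { "is-positive-number": "^1.0.0", "tiny-logger": "^0.0.3" } },
    "node_modules/tiny-logger": { version: "0.0.3" },
    "node_modules/is-positive-number": { version: "1.0.0" },
    "node_modules/lint-tool": { version: "2.0.0" },
  },
};

// Breadth-first walk from the root: the first visit of a package is its shortest
// path, so `depth` tells you how far down the tree a package first appears and
// `via` lets you reconstruct which direct dependency dragged it in.
function analyzeLock(lockfile) {
  const pkgs = lockfile.packages;
  const direct = new Set(Object.keys(pkgs[""].dependencies || {}));
  const depth = new Map(); // name -> distance from root (1 = direct)
  const via = new Map();   // name -> parent on the shortest path
  const queue = [...direct].map((n) => [n, 1, "(root)"]);
  while (queue.length) {
    const [name, d, parent] = queue.shift();
    if (depth.has(name)) continue;
    depth.set(name, d);
    via.set(name, parent);
    const entry = pkgs[`node_modules/${name}`];
    if (!entry) continue; // declared but not installed: report nothing, don't crash
    for (const dep of Object.keys(entry.dependencies || {})) queue.push([dep, d + 1, name]);
  }
  const chain = (name) => {
    const path = [];
    for (let n = name; n !== "(root)"; n = via.get(n)) path.unshift(n);
    return path;
  };
  const transitive = [...depth.keys()].filter((n) => !direct.has(n));
  const deepest = [...depth.entries()].sort((a, b) => b[1] - a[1])[0][0];
  return { total: depth.size, direct: direct.size, transitive: transitive.length,
    maxDepth: depth.get(deepest), deepestChain: chain(deepest) };
}

console.log(analyzeLock(lock));
```

Point it at a real lockfile (`JSON.parse(fs.readFileSync("package-lock.json"))`) to see how many of your installed packages nobody on the team chose directly.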