SAN FRANCISCO, CA - In the wake of a devastating supply chain attack in the npm registry that left millions of enterprise applications compromised and billions of user records exposed, developers across the JavaScript ecosystem expressed deep sorrow today, lamenting that such a crisis was completely unavoidable.
“It’s a shame, but what can you do? This is just the price of building modern web apps,” said Senior Frontend Engineer Mark Vance, echoing the sentiments of a community that completely relies on a 40-level-deep nested tree of unvetted packages maintained by pseudonymous strangers to capitalize a single string. “There’s absolutely no way to foresee or prevent someone from taking over a long-abandoned utility package and injecting a crypto-miner into every production build in the world. It’s just an act of nature.”
There’s another problem which is that you can only donate about $104,000 to a federal candidate’s campaign but you are allowed to independently campaign for that politician using unlimited funds. Third party campaigning shouldn’t be allowed. It’s been ruled a matter of free speech, that if Michael Moore wanted to make a documentary critiquing health care in the US, that is his right. But some people will make documentaries filled with lies. It might be difficult to control what wealthy people do with their money and what they say, but that doesn’t mean you can’t try.