
IMO the solution is auditing. We should be auditing every single version of every single dependency before we use it. Not necessarily personally, but we could have a review system like Ebay/Uber/AirBnB and require N trusted reviews.


This is the way. But people read it, nod their heads, and then go back to yolo'ing dependencies into their project without reading them. Culture change is needed.


> Culture change is needed.

Yes, but IMO a tooling change is needed first. There just isn't good infrastructure for doing this.



