Sure, but let's also take the code hosting situation into account: npm now comes... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

TheRealPomax on Jan 6, 2020 | parent | context | favorite | on: Parcel – Fast, zero-configuration web application ...

Sure, but let's also take the code hosting situation into account: npm now comes with security audits during install, and github now comes with free dependency vulnerability monitoring. While "fewer deps means fewer vectors" is true, the security landscape has changed an unusual amount, and for the better, since that article was written.

quantummkv on Jan 6, 2020 [–]

> npm now comes with security audits during install, and github now comes with free dependency vulnerability monitoring

Ultimately, these are solutions to problems that should not exist in the first place.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact