Yes, feels like in those cases npm and bun are not far away. Coincidence?

Simplicity of the stack I think. I don’t think this is an npm-specific issue as the attacker could also download a bash script and run that instead.

I think Wayland works similarly, in a sense that you open a Unix domain socket and send and receive bytes, see https://wayland.freedesktop.org/docs/html/ch04.html.

But I'm pretty sure it's more complicated than I think. :-)

There are some things that are more compilcated, e.g. you need to bring your own libraries for font support and input methods and rasterization and so on, and you need to handle hotplugged input devices and such. But protocol-wise it’s not really more conplicated, no.

Recently, I tested FreeBSD and it seems one can disable sendmail. See https://docs.freebsd.org/en/books/handbook/bsdinstall/#bsdin....

> Especially /W4 on MSVC will generate a lot of fairly pointless spam though, [...]

I think the author meant /Wall.

I could have sworn /Wall is a fairly recent addition to MSVC, but according to godbolt it seems to be supported since at least VS2015.

> The biggest Issue is that error handling is completely broken in POSIX shell scripting (including Bash). Even errexit doesn't work as any normal language would implement it (One could say it is broken by design).

I guess you're referring to http://mywiki.wooledge.org/BashFAQ/105. Got recently hit by these as well.

Yes and my personal favorite: Functions can behave differently depending on, if they are being called from a conditional expression vs. from a normal context. Errexit has no effect if the function is called from a conditional expression.