In-reply-to » Open Source Developer Intentionally Corrupts His Own Widely-Used Libraries "Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.." reports BleepingComputer. "The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that ...

@movq@www.uninformativ.de I think overall there are two issues at play here we can agree on, whether or not it’s “managed” by a distro (I think that’s kind of irrelevant here; I use/develop on macOS, for example, and use brew, but I don’t want my deps to come from Homebrew, ugh, yuck). Anyway, there are two issues I see:

  • Supply chain – Being able to vet, validate and verify everything that goes into a piece of software or product/service.
  • Library hygiene – Being prudent about libraries as a library author and reducing or eliminating “transitive” dependencies.
