A Random Thought..._

This is a pretty good look at some of the glaring trust problems with programming language package repositories. Personally, I don't use npm at all, and for Python I prefer to either stick to the standard library or use packages provided by my distribution. You can never audit all that code, so how can you trust it?
02/11/2021 @10:21