2024-09-20 17:02:27

Kira, a lil trans fox 🦊 on Nostr:

I feel frustrated by the way that software dev culture is being shaped, where older code is rapidly treated as "bad" and "unusable", if not being constantly upgraded to the newest dependencies & style.

I had a user complaining on one of my repos that one of its dependencies was potentially vulnerable to a DoS attack, given specific malicious user inputs. I looked at it, and it was reading from two package.json files on the user's local machine as inputs. I mean, I *guess* maybe *somehow* this could be used for evil, but I don't see how. It just seems like a silly reason to not use a module.

The feeling I get is that open source (especially npm) has been deeply infiltrated by corporate interests and culture, who of course have good reason to fear any potential for a DoS attack (costs money). But it sucks, to me, that this mindset has seeped into the wider culture, creating this environment of fear around code that isn't on the upgrade hamster wheel.
Author Public Key
npub1xzm3le0f3gavn98hul8rn0t8cll2jjc8tl94xd9v4vxyvqj6lq6sw8hcth