https://old.reddit.com/r/programming/comments/qdlela/breaking_npm_package_uaparserjs_with_more_than_7m?sort=controversial
Of course nobody in the comment section states the obvious reason why NPM is a dependency clusterfrick: webshitters using a library for everything because they can't code worth a darn.
Jump in the discussion.
No email address required.
itβs a JavaScript user agent parsing library. 9M downloads/week. Someone yoinked his laptop and pushed a miner. With malware slapped in. Based.
Jump in the discussion.
No email address required.
More options
Context