Debian has ~20,000-30,000 packages total. NPM has well over a million. Contribution frequency and overall contributor numbers are also much, much higher.

NPM is a victim of ease of use and popularity. It's a bigger target.

But both systems would benefit from a holistic approach to supply chain security.

Part of the problem there is JS doesn't have much of a standard library so everybody and their dog tries to fill that hole.
