The massive bug at the heart of npm

JS Party: JavaScript, CSS, Web Development

CHAPTER

The Inconsistency of the npm CLI API

The problem is the mismatch between like packet, local package.json and manifest. It's a code smell here in terms of the architecture because really you should be able to hydrate the state of most of that metadata by just reading from the local package. Those are two critical pieces of information which actually can be falsified inside of a tarball. And if somebody, a bad actor, finds this, they can sort of find a way as for us so elegantly we put it, hide malicious scripts, hide known malware... Do you want to jump in there at some point? I'm not sure for us I saw you start shaking your head. Yeah.
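
An added example, not from the episode: a defender-side check for the mismatch described above, comparing a registry manifest against the package.json packed inside the tarball. The `package/package.json` path follows the npm tarball layout; the function names, the checked fields and the sample data are assumptions constructed for illustration.

```python
import io
import json
import tarfile

# Fields where a registry manifest that disagrees with the tarball matters most.
CHECKED_FIELDS = ("name", "version", "scripts", "dependencies")


def read_tarball_package_json(tgz_bytes):
    """Return the parsed package/package.json from an npm-style .tgz."""
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        member = tar.extractfile("package/package.json")
        return json.load(member)


def manifest_mismatches(manifest, tgz_bytes):
    """List (field, manifest_value, tarball_value) for each checked field that differs."""
    packed = read_tarball_package_json(tgz_bytes)
    diffs = []
    for field in CHECKED_FIELDS:
        # Treat a missing field and an empty object as the same thing.
        left = manifest.get(field) or None
        right = packed.get(field) or None
        if left != right:
            diffs.append((field, left, right))
    return diffs


def build_sample_tarball(package_json):
    """Constructed test input: a .tgz holding only package/package.json."""
    data = json.dumps(package_json).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample data, not taken from any real package.
SAMPLE_MANIFEST = {"name": "example-pkg", "version": "1.0.0"}
SAMPLE_TARBALL = build_sample_tarball({
    "name": "example-pkg",
    "version": "1.0.0",
    "scripts": {"install": "node setup.js"},
    "dependencies": {"other-pkg": "^2.0.0"},
})

if __name__ == "__main__":
    for field, listed, packed in manifest_mismatches(SAMPLE_MANIFEST, SAMPLE_TARBALL):
        print(f"{field}: manifest={listed!r} tarball={packed!r}")
```

Any non-empty result means the metadata shown by the registry does not describe what will actually be installed, so the tarball's own package.json is the one to review.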
