Hacker News

We already know that maintainers of widely-used NPM packages are being approached and offered money by people with dubious intentions. I may not agree with many of NPM's decisions, but if NPM does fall over and a malicious party takes over its functions, web development is looking at a security catastrophe.

If the financial incentive for malicious actors already represents an issue today, in that there are attempts to gain control of numerous packages, imagine what the combined financial incentive would be to take over the whole index.



web development is looking at a security catastrophe

Which in the long run should highlight the dangers of centralization with a single point of failure. We need to move back toward a decentralized web!


Couldn't hear you over my gig of Google Fonts downloading, one more time?



