this post was submitted on 22 Dec 2025
132 points (97.8% liked)

Technology

78002 readers
2180 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
132
NPM Package With 56K Downloads Caught Stealing WhatsApp Messages (www.koi.ai)
submitted 5 days ago by King@sh.itjust.works to c/technology@lemmy.world
26 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] Venator@lemmy.nz 1 points 4 days ago* (last edited 3 days ago) (2 children)

noone wants to do because developers want the latest and greatest model.

That's not true at all, the OS doesn't have, and shouldn't have, everything that every random npm package has...

The alternative isn't for the OS to do it: its to implement everything yourself... Speaking previous from experience working at a company that did exactly that... It has its own set of problems... But it is at least possibly secure ๐Ÿ˜…

[โ€“] wildbus8979@sh.itjust.works 1 points 3 days ago (1 children)

Have you ever looked at the available packages in a Linux distribution like Debian or a BSD? There are thousands and thousands of library packaged to support software releases. Like I said, that had been the distribution model for the better of twenty+ years until this new, shittier, model.

[โ€“] Venator@lemmy.nz 1 points 3 days ago

There are thousands and thousands of library packaged to support software releases

there are over 3.1 million packages available in the main public npm registry...

[โ€“] vithigar@lemmy.ca 1 points 2 days ago (1 children)

There's another alternative, which is manually adding libraries to your project yourself instead of doing it all automatically through a package manager.

Yes, it's less convenient to download and import a package manually, especially if you need to do the same with a litany of dependencies, but I don't feel like that's a bad thing. Raising the barrier of entry for arbitrarily adding thousands of lines of other people's code to your project would force people to think about how much of that they actually need.

[โ€“] Venator@lemmy.nz 1 points 2 days ago* (last edited 2 days ago)

Or you can just use git and pin your packages to specific versions and review the changes to the packages when they change using git diff...