
Debian has ~20,000-30,000 packages total. NPM has well over a million. Contribution frequency and overall contributor numbers are also much, much higher.

NPM is a victim of ease of use and popularity. It's a bigger target.

But both systems would benefit from a holistic approach to supply chain security.




Part of the problem there is JS doesn't have much of a standard library so everybody and their dog tries to fill that hole.



