Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages
muusemuuse@sh.itjust.works 5 hours agoCan’t they make dependencies something that get checked at launch time? The executable says “I have the following external dependencies pulled in. “ and then is a version is blacklisted, the executable should stop and throw an error saying exactly what component was blacklisted and stopped it from running.
Why can’t we have executable declare their dependencies at launch time to the OS?
wildbus8979@sh.itjust.works 3 hours ago
That’s essentially how most distributions of Linux and Unix work. You package an app with a list of depencies like “libcaca >= 1.2.3” and that’s that. If that dependency isn’t available in the distro you need to have that packaged (and thus have a maintIner for said package) forst. The distro’s package maintainers are responsible for keeping an eye on the upstream sources and provide reviews. Then this sort of crap like NPM came along and it became popular for devs to package their own dependencies.