

I’m going to have to just write my own one of these fucking things aren’t I?




This is the sort of thing you do to big companies with no morals. Doing it to a small open source project is just wrong; they don’t have the manpower or money to redo the investigation you already did.
Given that the dude works for an AI-based security company, and Forgejo and services like it (e.g., codeberg.org) are how you abandon the mess of vibe-coded trash that is GitHub, in my opinion, he has a motivation to pick apart this specific service.
And since JavaScript libraries tend to be so small and focused
Lol, LMAO even
But Windows is less secure. Two things can be true at once. They are in the original topic too.
The Java ecosystem is massive and decades old and I don’t hear one iota of the shit about maven central that I hear about npm.
I guarantee that npm is full up with vibe coded bullshit at this point as well.
I’m not sure what it even takes to upload a package to npm. Not even a pulse. I honestly never looked into it because the whole ecosystem is so rancid.
EDIT: Look at how many shits in this are optional (and note the overall quality of the article as well): https://dev.to/aneshodza/publishing-your-first-npm-library-51k2. The ecosystem sucks.
Keep ass what though? /s