Post Ay1RHsrx7vuLNKkvrM by matt@toot.cafe
       Post #Ay1RHoNJpt1jRAOPYW by matt@toot.cafe
       2025-09-09T00:36:09Z
       
       1 likes, 0 repeats
       
       Thinking about the attack on certain popular npm packages that made news today, it occurs to me that my favorite language's package manager (Rust's Cargo) is far too much like npm for comfort. Proponents and creators of languages with no standard language package manager (especially C and the various C alternatives other than Rust) are posting their takes.
       
       Post #Ay1RHsrx7vuLNKkvrM by matt@toot.cafe
       2025-09-09T00:38:15Z
       
       0 likes, 0 repeats
       
       But I still like Rust and don't want to give it up; C and the other C alternatives don't have nearly as good a story when it comes to memory safety. So that leaves me with no good answer to the kind of problem that has been brought to light (again) by today's attack, except, I guess, to just be more selective about what dependencies we add, and be a little more willing to write straightforward though possibly tedious code ourselves rather than adding a dependency that could become a liability.