going back to rolling it yourself, or relying on a few high quality stdlib provi... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		acedTrex on June 25, 2024 \| parent \| context \| favorite \| on: Polyfill supply chain attack hits 100K+ sites going back to rolling it yourself, or relying on a few high quality stdlib providers that you likely have to pay for.

aembleton on June 26, 2024 [–]

Paying for dependencies sounds like a good idea. Reduces the incentive to sell out; allows contributors to quit day jobs to focus on fixing bugs and security holes; less likely to result in abandonware.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact