cursed and inevitable npm hack 

innocuous patch with a whitespace change and an "audit fix" which modifies the dependency tree but github hides the diff. overworked maintainer hits merge and ten million packages are automatically republished with a now-malicious dependency


software under capitalism 

software under capitalism will never solve the labor crunch that plagues it. the profiteer will reintegrate whatever labor hours your tools liberate; the rentier will haunt whatever audit system you staff. the overworked maintainer looms large over the ecosystem's fragile ligaments wherever overwork remains the path to survival.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!