Both Cargo and Go's package manager are a lot better. Can you name comparable security incidents they've had in the last 5 years?

Idk about Python, I refuse to use that language for other reasons.

It makes more sense to attack packages in NPM since it's by far the most popular package manager.

Yeah indeed, you can move to a less popular ecosystem and have less risk. Back in the day when I moved from the PHP ecosystem to Python, that was a big improvement. But with NPM I feel mixed; there's a lot of crap, but there's also genuinely good stuff. So you have to be a bit more conscious and alert when you make decisions on packages, etc. With more mature ecosystems you have that problem less, and you don't have to spend so much time on package research and can rely more on the community. But still, there's always a risk there too, so you have to stay alert.