30
GitHub Actions Cache Poisoning is eating open source (neciudan.dev)
submitted 2 days ago by codeinabox@programming.dev to c/security@programming.dev
8 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] lauha@lemmy.world 3 points 1 day ago

Honestly the best solution is to have minimum amount of dependencies.

Isn't this a sane practice in programming anyway? Just don't go overboard with dependency minimalism.

[-] Piatro@programming.dev 2 points 1 day ago

Yes but the reality of JavaScript codebases is that you'll typically import hundreds if not thousands of dependencies fairly quickly. Last time I looked at the UI codebase at my job it was sitting at over 40k.

[-] lauha@lemmy.world 2 points 1 day ago

That's one of the reasons) why JS development is the shitshow it is.

[-] Maxxie@piefed.blahaj.zone 1 points 1 day ago

IDK how other people are, but to me solving a problem with a single #include just feels right. Less code to maintain, responsibility is shifted to a dedicated person, obviously much faster.. But also constant anxiety and daily monitoring of security blogs, so I'm trying to cut back

this post was submitted on 17 May 2026
30 points (96.9% liked)

Security

2083 readers
3 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Vacant@programming.dev