undefined | Better HN

0 pointspjmlp8mo ago0 comments

jslint/tslint are an install away.

0 comments

beart8mo ago

tslint has been deprecated for quite a long time now - from 2019: https://github.com/palantir/tslint/issues/4534

thrown-08258mo ago

werent one of the js linters part of a supply chain attack recently?

pjmlpOP8mo ago

Maybe, are you sure Go dependencies are immune to similar attacks?

fabioborellini8mo ago

Yes, with the difference that Google would have to be compromised in order to poison the go distributable containing fmt tool. With js, it’s enough to poison any single one of the 1400 dependencies of the linter

pjmlpOP8mo ago

I forgot that even though fmt will never suffer from middle man attacks downloading the Go toolchain, the standard library already covers 100% of the uses cases someone cares about using Go for, and no one is using CGO.

1 more reply

homebrewer8mo ago

Use biome, it doesn't have any external dependencies. eslint should have been put to rest a long time ago.

2 more replies

thrown-08258mo ago

go std lib being compromised would be a pretty major achievement

j / k navigate · click thread line to collapse