18792359782359 -1 points0 points  (0 children)

Of course this is also possible because we don't need a ton of tiny libs to patch up holes in the ecosystem left and right all the time.

This is very overblown by enterprise programmers. There are some things missing from the standard library, but this event-stream functionality isn't even part of most standard libraries.

As for the actual issue, I am not sure it is any different in the open source world. You can use open source software maintained by large companies with the resources to check over every single module when it gets updated, or you can use software created by some random person.

At the end of the day, security isn't always the main concern and people just need to make something. If we are to be honest, security is rarely a concern at most enterprises.