alt Hacker NewsYour users don't have to use those extensions, so I don't understand how that's relevant? People who do, should be made aware of risks and that's it. This is not a good argument against taking away their option to have that customization.
Your users don't have to use those extensions, so I don't understand how that's relevant? People who do, should be made aware of risks and that's it. This is not a good argument against taking away their option to have that customization.
I'm having a hard time finding a thread where people don't complain about npm when the real issue is packages being compromised.
Swap packages for extensions in the above and let me know how that's different