Reply to post: Can we have some real engineering, please?

Security warning deluge from 'npm audit' is driving developers to distraction


Can we have some real engineering, please?

Dan Abramov's original blog post claimed that the default npm audit behavior, "... in many situations, leads to a 99%+ false positive rate..."

Hang on a second. Are we not supposed to be engineers? Since when was guessing good enough? I know it's a guess because no research/data was provided (only some examples) and if there was any research you can bet he would have published it.

This preference for guessing-instead-of-knowing (aka engineering) is the problem with the Node.js ecosystem in particular and programming in general! FFS How many times has el reg published a story where some well-intentioned engineer or admin took the guessing-over-knowing route and wound up in the news? No wonder hackers are having a field day - we're doing it wrong!

So, Mr. Abramov, howsabout a little more engineering and a little less guessing in general?



Biting the hand that feeds IT © 1998–2021