Reply to post: So the issues are down to a lack of control

NPM packages disguised as Roblox API code caught carrying ransomware

Pascal Monett Silver badge

So the issues are down to a lack of control

I can therefor create a package called noblox.js.jackpotnow and nobody is going to bat an eyelid until somebody actually wonders why that exists.

Somehow that does not strike me as "anyone can contribute", so much as "anyone can fuck it up".

I've got a feeling that the ease-of-contribution culture is going to get a healthy dose of reality check in the coming years. It's not because it's open source that it has to be a free-for-all. I'm sure developers are going to welcome a bit of verification if it means that their code can be kept from the dregs of the Intarwubs.

After all, what's the real cost of having to sign in to a project before being able to contribute ? It's just a few emails and an identifier for your contributions.

Identifier that can be banned if you screw up, of course.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon