Adding a single dependency to a Node project and seeing the impact on package-lock.json is like watching a tsunami "ripple" across the entire ocean surface of the planet.

Developers using Node don't care about software supply chain security because they simply can't.

@martin

npm ecosystem is garbage

@martin Wait, you actually "manage" the project, "manually"? (joking)

#agentic_engineering

@Yung_Lyun

Just because you’re using agentic engineering doesn’t mean you’re not accountable for the code you ship.

@martin I agree. Let's hope **Big Tech** also agrees. I hear the token usage is very high with plans to grow in the near future. I'm sure someone, somewhere, will review that code 😉.
@martin @Yung_Lyun Sure it does. Just try to get a Microsoft rep to fix anything. FIX, not workaround. Well, first get one on the phone, THEN try.