JavaScript is the lingua franca of the web. It's not going anywhere. Turning it off is not going to gain you anything. You are not likely to ever suffer an exploit from it any more than any other exploit from any other language, software or system.
I have a cesspit PC just for this very occasion. Sometimes it is fun just to see how gross it gets and imagine that some people actually use something like this as their daily driver!but alas you needed to enable javascript to view it. Anyone see the lunacy in that? )
Yep lets make the PC's out of rocks and fire, out of scratch. And check every single line of code. Russians taking this "task" right now.If only more people were like you!
However, the majority of javascript "programmers" seem to be lazy, unassuming programmers with zero knowledge of the ramifications of using a system of blind inclusion of source code.
In all fairness this is a good thing and I wish it didn't take wars to encourage companies to do so.Yep lets make the PC's out of rocks and fire, out of scratch. And check every single line of code. Russians taking this "task" right now.
I'm not sure facts back up your statement. In fact, I know it's totally wrong.JavaScript is the lingua franca of the web. It's not going anywhere. Turning it off is not going to gain you anything. You are not likely to ever suffer an exploit from it any more than any other exploit from any other language, software or system.
I didn't state that. However, it's one thing to audit code line by line, it's another to blindly insert code into your own code without knowing what it does and why it does it. Trust is something, blind trust is stupidity.Yep lets make the PC's out of rocks and fire, out of scratch. And check every single line of code. Russians taking this "task" right now.
Javacsript is the vector. There are other 'languages': css is one.
I suppose it doesn't really need to be a programming language that can be a vector.mark_j CSS is not a programming language. There are no native programming languages in the browser except for javascript
The culture is particularly bad with Node.js / Javascript communities. Here the general trend is towards millions of "microdependencies".Don't other languages have same problems in their package managers?
Note , chromium browser contains 2.300.000 code lines of javascript.
time
on the official chromium github repo, here's the output:===============================================================================
Language Files Lines Code Comments Blanks
===============================================================================
Arduino C++ 1 17 8 5 4
Assembly 68 72876 65703 776 6397
GNU Style Assembly 140 214881 195068 2649 17164
Autoconf 154 23300 20928 1304 1068
Automake 22 6413 5576 261 576
BASH 62 4034 2603 779 652
Batch 40 1005 647 142 216
C 1283 699971 480417 133889 85665
C Header 45892 5202302 3117133 1156709 928460
CMake 89 14614 12279 1080 1255
C# 232 147024 119078 16680 11266
CoffeeScript 4 1070 941 21 108
C++ 53341 15477368 11757584 1463055 2256729
C++ Header 96 8874 5859 1665 1350
CSS 1414 75320 59539 5644 10137
D 1 17 4 10 3
Dart 3 129 102 7 20
Dockerfile 35 1835 1358 266 211
.NET Resource 7 1904 1452 452 0
Dream Maker 1 1 1 0 0
Emacs Lisp 8 969 579 229 161
Elm 2 542 399 32 111
FlatBuffers Schema 11 1483 491 765 227
Forth 1 2 2 0 0
GDB Script 1 34 17 14 3
GLSL 3 102 51 33 18
Go 7 827 683 61 83
Groovy 3 1955 1585 210 160
Handlebars 13 107 107 0 0
Happy 1 498 449 0 49
HLSL 3 80 63 9 8
INI 107 3827 2651 16 1160
Java 8670 1662433 1147431 294472 220530
JavaScript 21040 3641765 2487826 764970 388969
JSON 5661 2209774 2206543 0 3231
JSX 5 849 677 60 112
LD Script 4 39 31 5 3
Makefile 45 3349 2237 536 576
Meson 10 965 792 63 110
Module-Definition 23 14099 13964 67 68
MSBuild 11 577 518 29 30
Objective-C 157 76796 59183 8571 9042
Objective-C++ 4270 796018 589123 84645 122250
OpenType Feature | 1 3834 3110 1 723
Pan 6 91 67 7 17
Perl 104 24048 16172 4589 3287
PHP 752 40605 26734 9791 4080
PowerShell 1 20 9 6 5
Protocol Buffers 963 119654 64377 38370 16907
Python 5818 1093137 852664 91059 149414
R 1 23 20 0 3
RPM Specfile 4 1357 1135 123 99
Rakefile 2 185 142 11 32
ReStructuredText 122 33991 25340 0 8651
Ruby 23 6305 5215 268 822
Sass 12 178 137 15 26
Shell 427 34095 22318 6931 4846
SQL 178 9266 8671 255 340
SVG 3517 173450 153910 11954 7586
Swift 71 5768 3903 1014 851
SWIG 1 98 56 28 14
TeX 1 1454 1441 11 2
Plain Text 29743 1599903 0 1531852 68051
TOML 143 6885 4797 1268 820
TypeScript 1829 321573 223558 56099 41916
Vim script 6 338 273 43 22
Visual Studio Sol| 1 26 25 0 1
WebAssembly 2 8 8 0 0
XSL 82 2488 2282 80 126
XML 3527 625625 569565 20268 35792
YAML 587 33103 29223 1290 2590
-------------------------------------------------------------------------------
HTML 86806 2183417 1957814 85968 139635
|- CSS 33393 471692 429668 9019 33005
|- HTML 842 12700 12510 134 56
|- JavaScript 49962 1698709 1435041 73721 189947
|- Plain Text 9 67 0 67 0
(Total) 4366585 3835033 168909 362643
-------------------------------------------------------------------------------
Jupyter Notebooks 18 0 0 0 0
|- Markdown 3 262 0 203 59
|- Python 3 902 629 99 174
(Total) 1164 629 302 233
-------------------------------------------------------------------------------
Markdown 2458 246083 0 185893 60190
|- ABNF 1 57 36 9 12
|- BASH 68 806 660 93 53
|- C 5 63 54 0 9
|- CMake 1 49 34 8 7
|- C++ 55 3396 2540 521 335
|- CSS 8 117 111 3 3
|- HTML 44 814 737 35 42
|- Java 32 1610 1202 239 169
|- JavaScript 25 698 541 127 30
|- JSON 16 576 572 0 4
|- Lisp 1 7 7 0 0
|- Objective-C 2 75 52 4 19
|- Python 32 861 721 52 88
|- Ruby 1 17 11 2 4
|- Rust 103 3701 2872 329 500
|- Shell 89 1203 1019 121 63
|- SQL 3 87 74 10 3
|- TOML 61 227 176 34 17
|- XML 13 303 265 28 10
|- YAML 2 37 37 0 0
(Total) 260787 11721 187508 61558
-------------------------------------------------------------------------------
Rust 2659 851932 755910 31493 64529
|- Markdown 1261 105738 8619 78226 18893
(Total) 957670 764529 109719 83422
-------------------------------------------------------------------------------
Vue 16 194 104 42 48
|- CSS 13 359 294 7 58
|- HTML 16 473 461 12 0
|- JavaScript 16 884 697 125 62
(Total) 1910 1556 186 168
===============================================================================
Total 282822 37789179 27090662 6018910 4679607
===============================================================================
tokei 10815.21s user 35.26s system 317% cpu 57:02.70 total
It can probably be done with GitHub too tbh with "forgotten password" emails pointing to lost domains.It's not NPMs fault, it happens mostly to NPM lately because of popularity.