drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git
commit: 760603c64e27b59b3d5f662648e374d973daaf3b
parent 24dde4c6909a660a5da9b9b76330d7fc7d3d6324
Author: Drew DeVault <sir@cmpwn.com>
Date:   Tue, 16 Nov 2021 15:56:09 +0100

Turn the flame knob down a bit

Diffstat:

M content/blog/Cash-for-leftpad.md | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/content/blog/Cash-for-leftpad.md b/content/blog/Cash-for-leftpad.md 
@@ -3,24 +3,24 @@ title: I will pay you cash to delete your npm module date: 2021-11-16 --- -npm's diseased culture presents a major problem for global software security. -It's grossly irresponsible to let your dependency trees grow to thousands of -dependencies, from vendors you've never met and probably haven't even evaluated, -to solve trivial tasks which you could have done yourself in mere seconds if you -had bothered to, or, if properly evaluated, you might not have even needed in -the first place. +npm's culture presents a major problem for global software security. It's +grossly irresponsible to let dependency trees grow to thousands of dependencies, +from vendors you may have never heard of and likely have not critically +evaluated, to solve trivial tasks which could have been done from scratch in +mere seconds, or, if properly considered, might not even be needed in the first +place. -We need to figure out a way to change this reckless behavior, but how? +We need to figure out a way to curb this reckless behavior, but how? I have an idea. Remember left-pad? That needs to happen more often. ![A LaTeX rendering of an equation which sets a reward (in dollars) to the logarithm of weekly downloads over lines of code in base 10 times one hundred](https://l.sr.ht/Fe7o.svg) -I'll pay you cold hard cash rewards to delete your npm module. The exact amount -will be determined on this equation, which is designed to offer higher payouts -for modules with more downloads and fewer lines of code. A condition of this is -that you must delete it without notice, so that everyone who depends on it wakes -up to a broken build. +I'll pay you cold hard cash to delete your npm module. The exact amount will be +determined on this equation, which is designed to offer higher payouts for +modules with more downloads and fewer lines of code. A condition of this is that +you must delete it without notice, so that everyone who depends on it wakes up +to a broken build. 
Let's consider an example: [isArray][0]. It has only four lines of code:
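Review bot: "The exact amount will be determined on this equation" in the rewritten reward paragraph keeps the preposition error from the old text; it should read "determined by this equation". While that paragraph is being reworded anyway, the formula itself is only carried by the image alt text ("the logarithm of weekly downloads over lines of code in base 10 times one hundred"), so readers without the SVG never see it; spelling it out inline, e.g. "reward = 100 · log10(weekly downloads / lines of code)", would make the isArray walkthrough that follows checkable from the text alone. Also note the toned-down first paragraph now says "could have been done from scratch in mere seconds" without naming who would do it, which reads a little loosely after the subject ("developers" or "you") was removed; a small rephrase would keep the softer register without losing the agent.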