I really need to get around to publishing my "#Microsoft are bad landlords" post where I rip into them for doing absolutely nothing with #npm to make it more secure (and also owning VSCode, GitHub and all the other tools that make supply-chain attacks easy)

https://arstechnica.com/security/2024/11/javascript-developers-targeted-by-hundreds-of-malicious-code-libraries/#comments