To me it doesn't really matter what is injected, as long as it's undisclosed in places people would look (NPM/Readme/Docs/etc), it's unacceptable

It's in the code. That's where people should look first and foremost in opensource dependencies. Otherwise how do you know you're not pulling in some horrible, bug ridden crap as a dependency? Most npm code has almost 0 documentation anyway.

If you expect a developer to review every line of code of every version of every module all the way down the NPM dependency tree then we can forget about anyone ever completing a project.

There are other solutions.

You don't need to review every line. Just general code quality, and search for obvious obfuscations/or things like these.

Simply instantiating a React project with `create-react-app` generates a lock file with over 1300 transitive dependencies:

    $ npx create-react-app sample-app
    $ cd sample-app
    $ cat package-lock.json | jq '.packages | length'
    1393

Expecting all developers (including those new to the field) to manually audit each and every one of these packages simply isn't feasible.

I’m curious what this “The Current Thing” phrase is supposed to mean. I’ve seen it used a few times very recently, and as best I can tell it seems to mean something along the lines of “all opinions on a current event or political issue are equally valid and thus any strong position on the event or issue ought to be mocked.”

I think it's poking fun at people who didn't care about [the current thing] X days ago, but are now really passionate about it.

Like one month almost all their posts are about COVID and the next month almost all their posts are about BLM.

But the "current thing" often isn't a new thing, and instead touches on some core value. For example, people who have never been to Ukraine or know anything about it still care about Ukraine because the situation speaks to issues of violence, freedom, honesty, safety, etc. And people who have never watched a college swim meet care about the trans swimmer because it speaks to issues of fairness, inclusion, gender, etc.

I think there's some validity to pointing out that we don't all have to weigh in on national conversations or lose sight of the bigger picture. But I think it's also a way to try to shut down conversations using a blanket criteria: new, popular conversation == bad conversation. That philosophy can't reasonably be applied to all new conversations without doing more harm than good. In my experience the "current thing" critique is very selectively applied to discussions the commenter is opposed to or bored with, which is subjective and very personal.

"the current thing" is everywhere and it gets incredibly tedious to see the same opinions and ~~discussions~~ arguments infecting everything.

This has nothing at all to do with the correctness of any of the positions, just their pervasiveness.

You pop up in a few convo threads that TobyTheDog is in. That's a coincidence isn't it

"You pop up in a few convo threads that TobyTheDog is in."

So do you. So do I.

It's not a coincidence, and it's not the implied other explanation.

It's because the structure of vote-sorted top-N list sites like HN, Reddit, and so on, focuses most people on the same short list of topics.

We will all bump into each other again, whether or not we have any intention of doing so.

We're all chatting on the first two pages of stories. We will all collide frequently with people holding similar hours.

It's.... almost like people want to have a discussion about this? I'm confused about what you're implying.

Did you mean to respond from your other account?

I guess I should've figured out that you've been arguing in bad faith this entire time.

I'll give less benefit of the doubt with the next troll.

Whatever is pushed by big media as high virtue to the masses for benefiting corporations or established political forces e.g. the Iraq war, "orange man bad", dictatorial vaccines over any therapeutics, the Ukraine war etc.