Programmer Humor

31324 readers

28 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 4 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

cat_programmer@lemmy.ml

292

Package managers be like (linux.community)

submitted 9 months ago by ExLisper@linux.community to c/programmerhumor@lemmy.ml

151 comments fedilink hide all child comments

Sorry Python but it is what it is.

you are viewing a single comment's thread
view the rest of the comments

[–] SpaceNoodle@lemmy.world 46 points 9 months ago (1 children)

npm is objectively worse. Base pip packages aren't getting hijacked.

[–] Redscare867@lemmy.ml 22 points 9 months ago (1 children)

Maybe I’m misremembering, but didn’t pip have it’s own security concerns earlier this year?

[–] _stranger_@lemmy.world 6 points 9 months ago (1 children)

I believe that was just name squatting.

[–] fragment@lemmy.world 6 points 9 months ago (1 children)

It’s less the name squatting and more pip not supporting a certain PyPI resolution order: https://github.com/pypa/pip/issues/8606

For example, I have A, B and C in my requirements.txt but I want to install C from my own private PyPI. Everything works fine until someone uploads a package name C to the public PyPI then suddenly I’m not installing my private package anymore.

[–] _stranger_@lemmy.world 2 points 9 months ago

Yeah, I remember now. the name squatting was from people putting malicious packages under misspelled names of well known packages, like "requets" instead of requests.