by design compared to all of the aforementioned package managers just by the hash check alone.
## Okay, but how does the industry "never learn"?
Simple: the package managers are still growing in popularity, there is no blowback, and new developers are still being led to use
NPM, PyPI, Rust crates, public CDN CSS/JavaScript libraries, etc. There is no practice of auditing the code you are pulling at all.