And in fact wasn't a popular Python library just compromised very recently? See https://news.ycombinator.com/item?id=47501426.
replySo Python's clearly not "batteries included" enough to avoid this kind of risk.
That's my point. You can have a large standard library like those languages I mentioned, but that isn't going to include everything nor cover every use case, so you'll have external libraries (via PyPi for Python, NuGet for .NET, and Maven for Java/JVM).
replycomparing to Node, .NET is batteries included: built-in Linq vs needing lodash external package, built-in Decimal vs decimal.js package, built-in model validation vs class-validator & class-transformer packages, built-in CSRF/XSRF protection vs csrf-csrf package, I can go on for a while...
replyPython's standard library is definitely much more batteries-included than JavaScript's.
reply