I don't think computer people really realize just how little (relevant) malicious code actually exists on the anyone-can-upload package registries, and folks seem to consistently overestimate the actual threat level here
And no, it's not *just* security folks overestimating the threat level, tons of software developers do it too (and often at the same time overlook the things that are *actually* dangerous)
This also feels like one of those cases of the metaphorical-law-I-forgot-the-name-of, where people perceive an uncommon event as being really common because it's so uncommon that it gets widely reported every time it happens, and therefore skews people's perception of its frequency
@joepie91 confirmation bias + Dunning-Kruger effect?
@nerkles Nah, there's a more specific name for it. Something to do with news coverage specifically, where uncommon events are always covered and therefore seem common, whereas common events are not worth reporting on and are therefore perceived as uncommon.
fuchsiaaaaaaaaaaaaaaaaa
@joepie91 @nerkles 'Selective reporting' it seems https://rationalwiki.org/wiki/Selective_reporting
