All of this NPM brouhaha has me wondering, what does a better solution look like? NPM has always been a reason I'm wary of modern JS dev. The whole ecosystem seems contingent on NPM as its central rail -- what happens when it is bought, hacked, or just flakes? I pretend that quicklisp does it better, but I am really not sure, tbh. Is a centralized package manager always going to be a or even the central point of failure for a wider ecosystem? I regularly use a bunch of different package managers across a few different languages, is one better than the other? At the end of the day is there a better model to follow?


Eli Mellen


Also, is another take-home moral from this incident that cryptocurrency is making the internet terrible? I think so.



@eli I’ve been working with React all summer... it’s NPM hell, and it’s depressing. I’m not a fan of having 500 or so megabytes in each repo... when you work on several projects with NPM modules/dependencies, it’s really not friendly. It was probably designed with one project in mind... at some corporation... not for the freelancer. I’m hoping there will be something way better in future.

Content: CC BY-SA 4.0