DEV Community

Discussion on: NPM hot-takes and the pitfalls of trivialization

W. Brian Gourlie • Edited

Was I in any way this condescending in my comment? I don't think so.

I certainly perceived as much. This article was sparked by a comment I read, and you seemed to take issue with the fact that I wasn't addressing the article that the comment was in response to. I happen to disagree with the article as well, but that's not what I was addressing.

Again, your issue seems to be with the inherent trust we as developers place in the open source libraries we consume. This is not specific to NPM or to trivial libraries; it's inherent to open-source development. If this particular issue is something you feel strongly about, I suggest you write a post about it.

Brian Rinaldi

I didn't intend it to be condescending, so I apologize if you perceived it that way. I did think the context of the comment, especially given that its author was being intentionally abrasive (he even admits to "going there"), was important, since it gave a potential misconception that the article it responded to made that sort of exclusionary argument (i.e. the "you're not a real developer unless..." type of argument) about trivial libraries.

Finally, I in no way made the case that developers should be broadly distrusting of open source. You generalize my argument. There is a risk/reward balance, and the risk isn't just malicious code; it could also be that a removed or broken dependency breaks my build, which may or may not be a simple fix. In my view, the risk for a trivial dependency does not outweigh the reward. In your view, it does.