Great. Left-pad's evil twin finally arrived.
One of the reasons I've never liked the Node ecosystem is the ill-managed nature of NPM. 'The largest package system in the world' - sure, but it's a massive swamp of crap for the most part. I'd deliberately try to use the most minimal tools when bringing things in to my projects - tape instead of ava for instance.
You'd not get this madness in, say, Perl. Or even Go. Is the culture to blame? Massive frontend frameworks? A failure to recognize what we owe to each other when we publish software?
It's a mixture of many things in my opinion.
Maintainers that aren't paid and get fed up at some point, carelessness, the absence of a vetting system or a network of trust, the absence of static security analysis, the absence of a standard library, the culture of writing small modules for everything (search the is true package).
There's a thread going around where a developer counted that the React starter kit installs 1700 packages. Most of them are transitive dependencies.
The package in question is a transitive dependency of transitive dependencies; most people don't even know it exists.
The graph of most packages, not just frameworks, is just stupid.