re: I have never seen a better package manager than NPM. That made me laugh, thank you. Now I wonder what else package manager have you seen.

Golang has a really nice package management in my opinion. NPM is kinda bloated and security leaves much to be desired...

Also, my previous office project's node_modules weighted 5 gigabytes...Half of the installed packages were including lodash (different versions), moment.js and other popular js helpers libs. It would be really nice if this can be somehow unified so that I don't have x versions of some packages installed. Most of the package authors are not updating their dependencies, leaving users with security flaws sometimes.

So basically, no, NPM has a long way to go yet to be a really good package management (and JS really need one).


AFAIK, both yarn and pnpm keep the only version of each dependency.

I think yarn doesn’t but pnpm works that way for sure.

code of conduct - report abuse