12
submitted 2 months ago by cherrycode@lemmy.ml to c/webdev@programming.dev

I'm following the odin project to learn web development. I had read about malicious packages in npm multiple times, so I avoided it until now. I'm on the webpack lesson now, and to use webpack, I need to install it using npm. I also see that it has many dependencies, and those dependencies will have other depenedencies and so on.

Why is it like this? Is there any other tool like webpack that doesn't require npm? Or rather, can someone clarify how to properly use npm or link a guide that explains it? I have this kind of fear and reluctance about using npm after all the things I read.

you are viewing a single comment's thread
view the rest of the comments
[-] sorrybookbroke@sh.itjust.works 4 points 2 months ago

Yeah don't worry about it too much. Ensure you have the correct name when installing your library but that's about all you can do personally.

Any other solution will have some security flaws. NPM has a few more than it should but essentially the entire web is built around it. Sorry man, you don't have any other choices.

How to use it properly? Any npm tutorial will show you quickly. Always check you've got the right thing, always check the library is large enough that if something goes wrong it'll be noticed, and know there's no way to be completely safe without never using libraries.

If you're learning the web though there's no way to avoid npm.

this post was submitted on 16 Sep 2024
12 points (92.9% liked)

Web Development

3430 readers
38 users here now

Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development

What is web development?

Web development is the process of creating websites or web applications

Rules/Guidelines

Related Communities

Wormhole

Some webdev blogsNot sure what to post in here? Want some web development related things to read?

Heres a couple blogs that have web development related content

CreditsIcon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS