62
'No Way to Prevent This,' Says Only Package Manager Where This Regularly Happens (kevinpatel.xyz)
submitted 1 week ago by rssbot@lemmy.bestiver.se to c/hackernews@lemmy.bestiver.se
5 comments fedilink hide all child comments

Comments

top 5 comments
sorted by: hot top controversial new old
[-] numbermess@fedia.io 6 points 1 week ago

I made a wrapp er script named npm on my $PATH that passes input to pnpm instead because of this. I don't think my team is ready to adopt something like that, but it seems to be working okay so far. Nobody has complained.

[-] corsicanguppy@lemmy.ca 5 points 1 week ago

Npm repos violate iso27002. So, it's out. And we remember why iso27002 is important when we see news like this.

[-] sudoMakeUser@sh.itjust.works 5 points 1 week ago

Oooh nice

[-] minfapper@piefed.social 5 points 1 week ago

"Look at how all these much smaller package ecosystems don't have the problems of the largest one."

is the tl;dr of this article.

[-] esc@piefed.social 1 points 1 week ago

Npm having a lot of packages at least partially a problem of lacking standard library, no? And partially developer culture where every trivial thing is a package. Anyway, similar thing will happen to rust soon enough (*looks at 1 gig of dependencies for a cli program*).

this post was submitted on 16 May 2026
62 points (100.0% liked)

Hacker News

4900 readers
820 users here now

Posts from the RSS Feed of HackerNews.

The feed sometimes contains ads and posts that have been removed by the mod team at HN.

Source of the RSS Bot

founded 2 years ago
MODERATORS
patrick@lemmy.bestiver.se
rssbot@lemmy.bestiver.se