5

avoid npm!! avoid it like it was the plague!

Comments
  • 2
    I love npm, it's so simple to use.
  • 0
    Npm. So very true.
  • 1
    @Marl3x I'll push your node_modules to your repos
  • 7
    @Marl3x
    So simple to install packages.
    So simple to update your dependencies.
    So simple to use it for everything.
    So simple to watch as your dependencies require rewrites every month.
    So simple to watch your project's dependencies break repeatedly.
    So simple to slip into dependency hell.
    So simple for package maintainers to update their packages.
    So simple to use other people's absolutely atrocious code without ever having to see it.
    So simple to get malicious code propagated to your projects without you ever even realizing it.
    So simple to screw over your end-users with terrible resource efficiency, spyware, and crypto miners.
    So simple to get blamed for all of this, despite you never seeing nor intending any of it.
    So simple!
  • 2
    @Root sounds simple enough, to have no accountability of source code.
  • 2
    @C0D4 NPM makes it so simple to bait-and-switch fancy features with malicious code that you'd think it was built that way intentionally. Hell, you can even distribute minified production code that differs from what's readable in the package's repo. 🙄
  • 0
    @Root I see your points, but I've actually never experienced those problems.
  • 2
    @Marl3x You will eventually.
  • 2
    @Root that's always been my concern with these places.

    It's one thing to share code, it's another to switch it out for a coin miner or "extra feature", and no one would be the wiser till it's too late.

    Then you have the dramas of dependencies breaking, or being deleted... LPAD anyone?

    I know it speeds up prototyping, but production costs (dev and time) to maintain software you don't control or have ownership of would piss me off more then it's probably worth.

    Open source doesn't mean it's good or viable source.
  • 1
    @C0D4 Is this only a concern with npm though, are Managers like Maven saver?
  • 1
    @Marl3x I have this with all really, maven and composer are usually single packages and not like npm where you have dependencies within dependencies, or I've been lucky with my package selections, but it's as if no one actually wrote a line of code at the top package.
  • 0
    @TechNomad oh come on, there is a ton of languages to pick from, it's not the same
  • 0
    @TechNomad I interpreted your last sentence as "If not with js/npm, then how (would you do the work)??".

    My answer to that is "there are just many other languages to pick to build a web application".

    Did I misinterpreted something?
  • 1
    @Root you savage rock star
Add Comment