IMO, npm is correct/better. The solution is to 'vendor' everything and have pack... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		silon42 on April 11, 2022 \| parent \| context \| favorite \| on: Node.js packages don't deserve trust IMO, npm is correct/better. The solution is to 'vendor' everything and have package updates as part of normal code review.

throw_m239339 on April 11, 2022 [–]

> IMO, npm is correct/better.

NPM was never correct. NPM as a business cared about growth. The more packages on NPM servers the more valuable their company, it's as simple as that.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact