I *think* this particular situation hit v. close to home this time. Dominic's modus operandi is really similar to mine, and many others. Feel it really is mostly chance it's him that this has happened to.
-
-
unpopular opinion, I'm guessing, but - "batteries included" version of node with enough useful built-in libs to run a ton of apps / scripts with no npm packages at all. I.e., move useful packages into the node organization itself, so those packages would get a bit more vetting
-
Don't know if you noticed, but I deliberately didn't touch on speculating about solutions. By the way, I inherently think the problems Node is facing are those of scale. Shuffling the problem around, or removing npm completely is probably not the solution.
New conversation -
-
-
btw, I've actually written something more like 700 modules, I recently transferred 343 of them to https://www.npmjs.com/~nopersonsmodules … I didn't want to maintain them, but I realized the huge bummer was telling that to someone who posted an issue
-
Ah, okay! -- Yeah I thought you had more modules than I did; figured I misremembered or something, haha
End of conversation
New conversation -
-
-
I wrote a thing I needed 5yrs ago that other people also turned out to need, including a company that depends directly on it. When I wanted to stop maintaining it, I tried to hand it off to them but they wouldn't reply to me, so I gave it to someone who made a few good PRs
-
That package got 1.7 million downloads last week and is directly security related, fortunately the person I handed it off to turned out to be a great and responsible maintainer, but I didn't do any "vetting" other than "this person contributed a few times and seems interested"
End of conversation
New conversation -
-
-
The funding question is a big mystery, I think so far the closest model would be taxes, because it's a shared universal cost. But the way open source starts is detrimental to itself: cute tiny hobby project gets attention, gets some updates, gets used, becomes critical.