I *think* this particular situation hit v. close to home this time. Dominic's modus operandi is really similar to mine, and many others. Feel it really is mostly chance it's him that this has happened to.
Enterprises like npm a lot because it can drive down development costs. Removing it from the equation only means people will resort to submodules for everything that isn't in the stdlib. Which is subject to many of the same issues, just at a smaller scale.
But I get where you're coming from though. Your concerns seem stemmed in the fact that people both pull in lots of packages on average, and that their functionality is hard to audit. I think these observations are very valid, and we indeed should think of ways to improve!