I *think* this particular situation hit v. close to home this time. Dominic's modus operandi is really similar to mine, and many others. Feel it really is mostly chance it's him that this has happened to.
I see so many "famous" programmers commenting on the situation, and talking about how *they* would have done things differently. Take responsibility (?), archive a repo, etc. I don't think they understand that their own experiences aren't comparable here.
Like: we're talking about a human that's been giving their work away for free for the better part of a decade. Write access to 423 modules means that's been ~90 modules a year for 5 yrs. Or about a new module published every ~4 days. That's a scale most people don't know.
For people to come in, and make claims how "they had a popular project once, and did X" is completely missing the point. Imagine not having "a popular project once". But having written a bunch of projects 5 years ago that now have ~a million downloads a month each.
Do you still care about some random code you wrote 5 years ago? Probably not. Would you unpublish that code / archive that code if it's being used? Probably not. If someone stepped up and offered to maintain that code, would that be welcome? Most likely, yes.
In an ideal world there'd be companies throwing people at these problems, and ensuring that their foundations are secured. So we could create a process in which we vet the people who are best suited for the job. In practice we tend to accept the help that's available. And gladly so.
Replying to @yoshuawuyts
Unpopular opinion, I'm guessing, but: a "batteries included" version of node with enough useful built-in libs to run a ton of apps / scripts with no npm packages at all. I.e., move useful packages into the node organization itself, so those packages would get a bit more vetting.
Replying to @pmuellr
Don't know if you noticed, but I deliberately didn't touch on speculating about solutions. By the way, I inherently think the problems Node is facing are those of scale. Shuffling the problem around, or removing npm completely, is probably not the solution.
Replying to @yoshuawuyts @pmuellr
Enterprises like npm a lot because it can drive down development costs. Removing it from the equation only means people will resort to submodules for everything that isn't in the stdlib. Which is subject to many of the same issues, just at a smaller scale.
But I get where you're coming from though. Your concerns seem to stem from the fact that people both pull in lots of packages on average, and that their functionality is hard to audit. I think these observations are very valid, and we indeed should think of ways to improve!