Left pad is a good example of why you shouldn’t.
Event stream as well. TL;DR: popular npm library get infested with Bitcoin stealing code.
https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident
can you elaborate
This was excellent, but conveniently left off any discussion that npm can “un-un-publish” a programmer’s code against their wishes, and apparently without repercussions?
Fuck npm, I guess.
Absolutely they can un-unpublish since the programmer has given everyone the rights to use his code wherever they want, with its open license. Npm can actually use the older version of the code and give it to everyone. Its actually a good thing
Right, the “open” part of open source.
Thank fuck for that, cause if they didn’t
faker.jsandnode-ipcwould have caused a lot of trouble, with the developers adding malware to a new version and later deleting the entire packages, breaking tons of projects. And those were everything but small packages.All for the greater good, especially if it’s the choice between one guy’s desire to nuke their own code VS tens / hundreds of thousands of projects that depend on it.
That was a rather nice read :) thank you!
Thank you for sharing this. I learn something new everyday, much appreciated.
It’s all fine and dandy, until the package one day prevents you from upgrading some other package.
Well, how else would I add the Konami code for desktop and touchscreen devices?
