this post was submitted on 16 Mar 2024

Not entirely the usual fare, but I figured some here would appreciate it

I often rag on the js/node/npm ecosystem for being utter garbage, and this post is quite a full demonstration of many of the shortcomings and outright total design failures present in that space

[–] [email protected] 0 points 8 months ago (2 children)

The commenters on HN and lobste.rs are generally on the side of the package creators, with the view that NPM is run by GitHub, who is owned by Microsoft. All this is true, but it doesn't follow from that that the NPM people are paid fuck-you money. I suspect they're understaffed, and overworked, and that this stunt didn't make them very happy.

Although in retrospect, not anticipating that some rando would try to depend on everything in the repository seems like a naive view on human nature.

[–] [email protected] 0 points 8 months ago* (last edited 8 months ago)
  1. If they are understaffed - Microsoft is trying to sell itself as OSS friendly, so they have absolutely zero excuse for not putting enough resources into something this load-bearing and this historically shitty.
  2. If they are well-funded, what the fuck is that money being spent on, ChatNPM?
  3. Npm was acquired by GitHub in 2020. It has been an utter dumpster fire for its entire history. Being acquired by Microsoft doesn't absolve you from having created the tool Satan the Lord of Hell will use to break the Seventh Seal and bring a thousand years of darkness upon humanity.
[–] [email protected] 0 points 8 months ago (1 children)

there's probably a few people trying this in every other language ritenao

guess we'll find out in a few weeks!

[–] [email protected] 0 points 8 months ago (1 children)

I mean, do any other package managers work this way? Pypi disallows complete removal from the index to prevent malware namesquatting, but nothing in pypi as a tool requires dependencies exist or be functional.

[–] [email protected] 0 points 8 months ago (1 children)

not actually sure, but I look forward to someone finding out

[–] [email protected] 0 points 8 months ago

I know pypi is a bit more responsive to issues (having seen it happen, and seen on irc how the people think about things). on the rest I haven't really been close to things for a little while because reasons

android/dart seems to give me "google or someone will intervene" vibes. not sure about the wider maven ecosystem. the mental image of trying to deal with this particular problem in their usual suggested flows (which is extremely "click here and here in these 5 menus. we'll only mention the places by name, fuck you getting circles or screenshots.") strikes me as though it may cause a hundred million wails crying out at once