There's like 50 different ones with different models of what a package is, capabilities, etc. But at least when it's such a pain you don't end up with JS mess where everything depends on everything and deleting a trivial package breaks half the web.
> and deleting a trivial package breaks half the web.
I assume you’re talking about the left-pad incident? It happened over 5 years ago and policies have been put in place to stop it happening again. It was a mistake, they learned from it and moved on.
Secondly, this issue isn’t specific to JS or NPM, a few years ago someone deleted their Golang project on GitHub and broke the ecosystem in a similar way. If anything, it’s less likely to happen on NPM today as it acts as a cache.
I don't think your parent comment was hating on NPM / Node specifically, but rather was pointing out that the biggest determiner of whether programmers on a particular platform depend willy-nilly on whatever libraries they can find just to make coding small features more convenient is whether the language ecosystem they're in makes that easy to do.
For that reason, your point about Go only further reinforces their point, since Go was (I think) the first language to make importing another project from the web completely trivial, just one line of code.
On the one hand, I think it's bad for a language ecosystem to repeatedly get in the way of doing something that in many cases it does make sense to do, but on the other hand if you think (most) programmers are going to immediately take us to modern programming dependency hell without that, you can start to see it as a kind of silver lining.
> But at least when it's such a pain you don't end up with JS mess where everything depends on everything and deleting a trivial package breaks half the web.
JS doesn't have real issues, when I say JS I say in the context in which it was created, AKA the browser. Browsers have a huge API where everything and its contrary are possible.
The problem is Node.js delegating the most basic things to a for-profit company, NPM, and it was 100% by design... with Node.js, you can't even parse a multipart request without a 3rd party package... the whole "unix philosophy" for packages was purely marketing bullshit and someone got very rich exploiting Node.js's bad choices (Isaac...)
> you can't even parse a multipart request without a 3rd party package
Of course you can (if you want to), how do you think all of those 3rd party packages are built in the first place? Using NodeJS APIs of course, that you can also use if you want to.
But why re-invent the wheel when someone already created it? Just make sure the library you include serves one purpose, has a light amount of code, actually does what you want it to and doesn't change their own API willy nilly. Following these guidelines (for any language ecosystem you use) leads to a lot less hassle when it comes to dependencies.
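Added example, not part of any comment in this thread: what parsing a buffered `multipart/form-data` body with only Node.js built-ins (`Buffer`) involves, including the part limit and fail-closed checks a vetted library would otherwise supply. `parseMultipart` and the sample request are hypothetical and constructed for illustration.

```javascript
// Added example. parseMultipart is a hypothetical helper, not a Node.js API.
// It expects a fully buffered body; a real server must also cap the body size.
function parseMultipart(body, contentType, maxParts = 16) {
  const m = /boundary=(?:"([^"]+)"|([^;\s]+))/i.exec(contentType || '');
  if (!m) throw new Error('no boundary in Content-Type');
  const delim = Buffer.from('\r\n--' + (m[1] || m[2]), 'latin1');
  // Prepend CRLF so the first delimiter has the same shape as the others.
  const data = Buffer.concat([Buffer.from('\r\n'), body]);
  const parts = [];
  let pos = data.indexOf(delim);
  if (pos === -1) throw new Error('boundary not found in body');
  for (;;) {
    pos += delim.length;
    const after = data.toString('latin1', pos, pos + 2);
    if (after === '--') return parts; // closing delimiter
    // Fail closed on anything else, e.g. a longer boundary-like string.
    if (after !== '\r\n') throw new Error('malformed delimiter line');
    if (parts.length >= maxParts) throw new Error('too many parts');
    const headerEnd = data.indexOf('\r\n\r\n', pos);
    if (headerEnd === -1) throw new Error('unterminated part headers');
    const next = data.indexOf(delim, headerEnd + 4);
    if (next === -1) throw new Error('missing closing delimiter');
    // Null-prototype object: header names are attacker-controlled keys.
    const headers = Object.create(null);
    for (const line of data.toString('latin1', pos + 2, headerEnd).split('\r\n')) {
      const i = line.indexOf(':');
      if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
    }
    const cd = headers['content-disposition'] || '';
    const name = /;\s*name="([^"]*)"/i.exec(cd);
    const file = /;\s*filename="([^"]*)"/i.exec(cd);
    parts.push({
      name: name && name[1],
      filename: file && file[1], // untrusted: never use directly as a path
      type: headers['content-type'] || null,
      data: data.subarray(headerEnd + 4, next),
    });
    pos = next;
  }
}

// Constructed sample request (not captured traffic).
const SAMPLE_TYPE = 'multipart/form-data; boundary=----demo123';
const SAMPLE_BODY = Buffer.from([
  '------demo123', 'Content-Disposition: form-data; name="comment"', '', 'hello',
  '------demo123', 'Content-Disposition: form-data; name="upload"; filename="a.txt"',
  'Content-Type: text/plain', '', 'line1\r\nline2', '------demo123--', '',
].join('\r\n'), 'latin1');
```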
> Of course you can (if you want to), how do you think all of those 3rd party packages are built in the first place? Using NodeJS APIs of course, that you can also use if you want to.
Don't be obtuse, by that logic you don't need to use any third party package to write a professional app backed by a database in node.js, just write your own MySQL/Postgres driver? hey /s
My point is I shouldn't have to download a package or write a multipart request parser to manage files sent to a http server.
Someone made a profit out of that stupid situation with a terrible package manager, NPM, all by design.
Node.js creator himself said that relying on NPM was a terrible mistake, that's why he went on creating DENO.
> My point is I shouldn't have to download a package or write a multipart request parser to manage files sent to a http server.
Honestly, how many languages ship something like a multipart parser with the core API? And to be frank, I don't think I'd like the language I'm using to do this, only ~30% of my projects touch web-related stuff anyways.
> Someone made a profit out of that stupid situation with a terrible package manager, NPM, all by design.
I agree that NPM/NPM Inc is horrible, but for lots of other reasons. Also don't think it was on purpose, just poor and rushed design.
> Node.js creator himself said that relying on NPM was a terrible mistake, that's why he went on creating DENO.
So? Doesn't mean he is right, who knows what have happened with NPM? Maybe NodeJS would never have taken off in the first place. Brendan Eich also apparently doesn't like gay people, does that mean every JS developer needs to think like him?
> So? Doesn't mean he is right, who knows what have happened with NPM? Maybe NodeJS would never have taken off in the first place. Brendan Eich also apparently doesn't like gay people, does that mean every JS developer needs to think like him?
He is absolutely right, NPM was a grift all along. The whole "unix philosophy" argument to justify a paper thin std lib was a farce. NPM architecture is terrible to begin with. NPM is designed the way it is (was, fetch X times the same package instead of linear dependencies) because NPM corp targeted growth as a startup, not ecosystem stability.
Again, agree that architectural/technically speaking, NPM and its registry is horrible.
But that NPM was a grift, std lib was a farce and everything designed to fuel growth of NPM Inc is gonna need to have some more evidence behind it than your feelings.
And please, I really wish you do have proof of this as I'd like it very much if NPM Inc got put into their place. But I find it unlikely they designed things for this purpose. In the end (at least for me), the quest for truth is more important than what I think is right.
I think node.js still has a bigger standard library compared to Rust. You can write a http server (including https and http/2) easily with only standard library.
I disagree with literally all you said. Modules in the browser used not to exist until very recently. NodeJS/npm is a very decent ecosystem. It's not perfect, it's software. NodeJS explicitly strove to keep its standard library small unlike e.g. Python whose stdlib is also a huge legacy.
> I disagree with literally all you said. Modules in the browser used not to exist until very recently. NodeJS/npm is a very decent ecosystem. It's not perfect, it's software. NodeJS explicitly strove to keep its standard library small unlike e.g. Python whose stdlib is also a huge legacy.
Node.js creator created DENO because he thought relying on NPM was a terrible mistake. If even the creator of Node.js said that, then he knows that a bunch of grifters profited from the bad choices made back then.
Can you name a single better package manager functionally comparable to npm? Delegating the whole packaging system to its own world is indeed questionable. However, in the context of node it works very well because it is designed with npm in mind. As for your corporate grievances: managing a packaging ecosystem is a huge maintenance and cost burden. You have to host the packages, provide CMS, deal with abuse, security, user complaints and all the other nonsense. These are inevitable things with a centralized package manager. If you don’t like it, there’s always the git way.
You're not getting it. Node.js itself should have had a more substantial standard library, that's all I'm saying. Who effectively owns Node.js since NPM is bundled with Node.js? Whoever owns NPM, therefore Microsoft now.
Weren't people here outraged at Copilot? Do people really believe that Microsoft isn't running copilot on NPM packages?