can you elaborate
Comment on What could possibly go wrong
kamen@lemmy.world 1 year ago
Left pad is a good example of why you shouldn’t.
Caboose12000@lemmy.world 1 year ago
v1605@lemmy.world 1 year ago
Feirdro@lemmy.world 1 year ago
This was excellent, but conveniently left off any discussion that npm can “un-un-publish” a programmer’s code against their wishes, and apparently without repercussions?
Fuck npm, I guess.
mexicancartel@lemmy.dbzer0.com 1 year ago
Absolutely they can un-unpublish since the programmer has given everyone the rights to use his code wherever they want, with its open license. Npm can actually use the older version of the code and give it to everyone. It's actually a good thing.
DarkenLM@kbin.social 1 year ago
Thank fuck for that, cause if they didn't, faker.js and node-ipc would have caused a lot of trouble, with the developers adding malware to a new version and later deleting the entire packages, breaking tons of projects. And those were everything but small packages.
Anonymousllama@lemmy.world 1 year ago
All for the greater good, especially if it’s the choice between one guy’s desire to nuke their own code VS tens / hundreds of thousands of projects that depend on it.
johannes@lemmy.jhjacobs.nl 1 year ago
That was a rather nice read :) thank you!
milkjug@lemmy.world 1 year ago
Thank you for sharing this. I learn something new every day, much appreciated.
magic_lobster_party@kbin.social 1 year ago
Event stream as well. TL;DR: popular npm library gets infested with Bitcoin stealing code.
https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident