Have you ever looked at the available packages in a Linux distribution like Debian or a BSD? There are thousands and thousands of library packaged to support software releases. Like I said, that had been the distribution model for the better of twenty+ years until this new, shittier, model.
Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages
Venator@lemmy.nz 3 weeks agonoone wants to do because developers want the latest and greatest model.
That’s not true at all, the OS doesn’t have, and shouldn’t have, everything that a package has…
The alternative isn’t for the OS to do it: its to implement everything yourself… Speaking previous from experience working at a company that did exactly that… It has its own set of problems… But it is at least secure 😅
wildbus8979@sh.itjust.works 2 weeks ago
Venator@lemmy.nz 2 weeks ago
There are thousands and thousands of library packaged to support software releases
there are over 3.1 million packages available in the main public npm registry…
vithigar@lemmy.ca 2 weeks ago
There’s another alternative, which is manually adding libraries to your project yourself instead of doing it all automatically through a package manager.
Yes, it’s less convenient to download and import a package manually, especially if you need to do the same with a litany of dependencies, but I don’t feel like that’s a bad thing. Raising the barrier of entry for arbitrarily adding thousands of lines of other people’s code to your project would force people to think about how much of that they actually need.
Venator@lemmy.nz 2 weeks ago
Or you can just use git and review the changes to the packages when they change…