
GitHub Cancer - kiyanwang
https://medium.com/@sAbakumoff/github-cancer-180db780d99d#.vjnam6i93
======
anewhnaccount
But if you vendorise dependencies like this you don't have to worry about the
npm repo going down.

~~~
theknarf
I don't like your argument, I'm a bit of a purist. But the problem is that it
very much makes sense. Github could go down for an hour or two, we recently
had the whole problem with the leftPad package which was deleted, and npm
don't always produce the same versions of dependencies (since their missing
something similar to PHP's Composer's .lock file). I don't think it's a good
solution, but it's absolutely a valid one.

