
Npm's real problem wasn't the code, but how it's developed, deployed and used - CrankyBear
http://www.zdnet.com/article/show-stopping-bug-appears-in-npm-node-js-package-manager/
======
krapp
I feel like the development and deployment issues mentioned are more endemic
to webdev (or maybe webdev+javascript) than NPM, if it's even useful to
separate "code" and "culture" in the way the article attempts to. Developers
will be pulling and deploying to production regardless of the package manager
being used. But if they don't, the package manager destroying their test
servers is still something that should never happen.

But... clearly NPM's real problem _is the code._

------
sli
> Still, others point out that the npm blog announcing 5.7.0 certainly reads
> like an official release announcement.

Ok, granted, this much is true. But so far as I know, you'd have to be using
npm@next to have gotten 5.7.0, not just the regular npm package. I'll fully
agree that npm should not have introduced a bug like this, but how great of an
idea is it to run bleeding edge versions in production?

------
dfl__
running npm as sudo seems to be the real problem here. why is the article not
talking about this?

------
tomohawk
sudo never did seem like it added much other than opportunity for mischief
like this to occur.

------
wincy
Wow, I love going to a website and immediately being presented with an
autoplaying video playing techno music.

~~~
taytus
Weird, no autoplaying video for me ‍️

~~~
tvmalsv
Auto-played for me, too.

