
Popular JavaScript library starts showing ads in its terminal - AdmiralAsshat
https://www.zdnet.com/article/popular-javascript-library-starts-showing-ads-in-its-terminal/
======
paulddraper
This has always been an insane "feature" of npm: the developers of a package
can -- at any time -- message me whenever I install a version of it.

An ad is an obviously obnoxious form of this, but for years there's been the
vomit of dumb messages

    
    
        Library XYZ is now Library XYZ2. Please upgrade and thanks for all the love. =D
    

WHY IS THIS EVEN A THING?

Build systems/package management systems should be hermetic and reproducible.
Touching existing stuff after you've published it is just wrong.

If I wanted to see what things you've done since a particular version, I would
look at your version control history, or
[https://www.npmjs.com/advisories](https://www.npmjs.com/advisories)

------
ta5guu577g
The JavaScript ecosystem is a cess pool, horrible decisions everywhere.

Our build logs have JS library maintainers e-begging for money, e-begging for
jobs and so on, its pathetic (esp. considering the crud code in them).

The bloat and resource usage is out of control too.

Time to start over I think.

~~~
pjmlp
That is what happens when someone depends on VC money.

Regarding starting over, check

[https://youtu.be/MO8hZlgK5zc](https://youtu.be/MO8hZlgK5zc)

~~~
juststeve
wow that was a great video thank you

