
NPM – Next Generation Package Management - jonny_eh
https://blog.npmjs.org/post/178027064160/next-generation-package-management
======
chatmasta
npm is trash, with horrible performance and a horrendous security track
record. At this point there is zero reason to use npm over yarn. Now this? Why
would I ever trust a _brand new_ (and thus full of undiscovered bugs) product
from the same company behind npm?

------
voidr
I prefer to have a package manager that I control, rather than having a
runtime that can randomly go out to the internet and download code, while I'm
trying to run the application itself.

------
officialchicken
In js world, the ideal solution for lack of security, poor uptime, no
file/package integrity, bloated packages, and fragmentation hell... is to
replace node.js runtime with something that can do background downloads and
place the files in a global location? And it should include a template engine,
a bundler, transpiler, kitchen sink, etc. Does NPM have any engineering
leadership?

