Hacker News new | comments | show | ask | jobs | submit login

> Now people will start wondering if a module with millions of installs in the last month is still going to exist tomorrow.

That's a smart thing for people to wonder when there is a very real possibility that it won't. I'm not going to applaud the author's action here, which I consider reckless, but it did bring attention to how fragile this "essential" infrastructure really is.

It's not reasonable to be skeptical of every package. When you do that you get a mess of locally stored packages that end up out of date.

Should really just be a 'publish is forever' mentality

It is absolutely reasonable to be skeptical of every package. You probably shouldn't be on the bleeding edge of packages and likely ought to have locally stored packages.

You of course need to audit and improve your local store, but you need to do that with your dependencies anyway

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact