NPM – Next Generation Package Management (npmjs.org)
11 points by jonny_eh 4 months ago | 3 comments

npm is trash, with horrible performance and a horrendous security track record. At this point there is zero reason to use npm over yarn. Now this? Why would I ever trust a brand new (and thus full of undiscovered bugs) product from the same company behind npm?

I prefer to have a package manager that I control, rather than having a runtime that can randomly go out to the internet and download code while I'm trying to run the application itself.

In js world, the ideal solution for lack of security, poor uptime, no file/package integrity, bloated packages, and fragmentation hell... is to replace node.js runtime with something that can do background downloads and place the files in a global location? And it should include a template engine, a bundler, transpiler, kitchen sink, etc. Does NPM have any engineering leadership?

