
good luck to your friend with repeatable installations :P



"If you wish to make apple pie from scratch, you must first create the universe"

- Carl Sagan

the npm ecosystem takes this quite literally, for better or worse.


I'll credit npm with this, truly, when there's a package for each one of the Peano postulates. (As an actual functional dependency.)


If you need repeatable installations, wouldn't node be the wrong tool? I mean, you'd have to freeze everything yourself and then those libraries become _your_ problem. Ugh. That's a hell nobody wants.


To be pedantic, it's "wouldn't npm be the wrong tool" (it isn't, necessarily; I believe lockfiles provide you with reproducible builds).

Vendoring/copying them is another way to achieve this (and means you don't need to depend on npm or its lockfiles).

Regardless, those libraries are your problem whether you vendor/copy them or not.

Read more: https://research.swtch.com/deps


You’d just have a local cache, you can pull updates from authors if needed.



