"I will pay you cash to delete your #npm module" ~ https://drewdevault.com/2021/11/16/Cash-for-leftpad.html
"I do hope that this idea strikes fear in the hearts of any #node developers that read it, and in other programming language communities which have taken after npm. What are you going to do if one of your #dependencies vanishes? What if someone studies the minified code on your website, picks out an obscure dependency they find there, then bribes the maintainers?"
@hs0ucy Well, I’d say “WTF”, then use my backups to revert to before I upgraded, then isolate the module and copy its content to a self-coded module. And scratch my head wondering why everyone else is running in panic.
🤷 🤷 🤷
Not to mention dependency proxies, backups, local checkouts, …
This is neither a new problem nor are classic systems the solution. If you did your dependency management right in the first place, you shouldn't notice much.
But I'm looking forward to seeing how this plays out :)
@hs0ucy I do try not to frivolously use dependencies in my own projects, I think there's a balance to be had between too many & too few. But I'd never advocate for deleting modules off any such site!
In fact I think NPM & equivalents should never *fully* delete anything to avoid causing these breakages. At least where there's an active dependency.
@hs0ucy Well,
1) Why would someone do that?
2) Can’t you still use the code? It’s downloaded on your website, right?
You could decide to still maintain it, I don’t know.
I could also pay Eugen to take down Mastodon, it’s still going to be here anyway.