• SrTobi@feddit.de
    5 months ago

    Fuck that. It’s awesome! I want to have lazy initialized globals. It’s that package. I want code to shorten my builder pattern, I import that. I need a typed concurrent work-stealing queue. No problem.

    I look at a C project. Everywhere custom macros to do the most basic shit. I want to parse an XML in C? Better use a SAX parser and put all the data into globals. Cryptography? Better implement that ourselves… Using a library would be too much of a hassle.

    • platypus_plumba@lemmy.world
      5 months ago

      I mean, it’s awesome until it isn’t.

      NPM is already on the “isn’t” side of it. Especially with all the malware going around. Who has time to read the code of the dependencies of the dependencies of their dependencies? For every single version. It’s just not possible…

      I guess the main concern with this is security. You’re literally running code you don’t even know about on your machine, probably next to personal files or your company’s code base.

      A simple HTTP call to publish all your private code wouldn’t be hard to sneak into a 6th-level dependency.
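
Added example, not part of the thread: one way to narrow the "read every dependency of every dependency" problem is to compute how deep each package in an npm lockfile sits and list the transitive ones that run install-time scripts. The lockfile below is constructed and its package names are made up; the walk assumes the `packages` map of lockfileVersion 2/3 and ignores peer dependencies.

```javascript
// Constructed sample in npm's lockfileVersion 3 layout; package names are made up.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { "web-kit": "^2.0.0", "pad-str": "^1.0.0" } },
  "node_modules/web-kit": { version: "2.1.0", dependencies: { "fmt-util": "^1.0.0" } },
  "node_modules/fmt-util": { version: "1.4.2", dependencies: { "pad-str": "^0.3.0" } },
  "node_modules/fmt-util/node_modules/pad-str": { version: "0.3.1", hasInstallScript: true },
  "node_modules/pad-str": { version: "1.0.0" },
} };

// Node-style lookup: nearest node_modules first, then walk up toward the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dependency
    const i = base.lastIndexOf("node_modules/");
    base = i <= 0 ? "" : base.slice(0, i - 1);
  }
}

// Breadth-first walk from the root project; depth 1 means a direct dependency.
function dependencyDepths(lock) {
  const packages = lock.packages || {};
  const depth = new Map([["", 0]]);
  const queue = [""];
  while (queue.length) {
    const path = queue.shift();
    const e = packages[path] || {};
    const wanted = { ...e.dependencies, ...e.optionalDependencies,
      ...(path === "" ? e.devDependencies : {}) };
    for (const name of Object.keys(wanted)) {
      const target = resolveDep(packages, path, name);
      if (target === null || depth.has(target)) continue;
      depth.set(target, depth.get(path) + 1);
      queue.push(target);
    }
  }
  // depth is null for entries the walk never reached from the root.
  return Object.entries(packages).filter(([p]) => p !== "").map(([p, e]) => ({
    path: p, version: e.version, depth: depth.get(p) ?? null,
    installScript: e.hasInstallScript === true }));
}

// Packages nobody chose directly that still execute code during `npm install`.
const transitiveInstallScripts = (lock) =>
  dependencyDepths(lock).filter((p) => p.installScript && p.depth !== 1);

console.table(transitiveInstallScripts(sampleLock));
```

Pointing `dependencyDepths` at a parsed real `package-lock.json` gives the review order; install scripts are only one execution path, so the depth column is still worth reading for packages that have none.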