noone wants to do because developers want the latest and greatest model.
That’s not true at all, the OS doesn’t have, and shouldn’t have, everything that every random npm package has…
The alternative isn’t for the OS to do it: its to implement everything yourself… Speaking previous from experience working at a company that did exactly that… It has its own set of problems… But it is at least possibly secure 😅
There’s another alternative, which is manually adding libraries to your project yourself instead of doing it all automatically through a package manager.
Yes, it’s less convenient to download and import a package manually, especially if you need to do the same with a litany of dependencies, but I don’t feel like that’s a bad thing. Raising the barrier of entry for arbitrarily adding thousands of lines of other people’s code to your project would force people to think about how much of that they actually need.
Have you ever looked at the available packages in a Linux distribution like Debian or a BSD? There are thousands and thousands of library packaged to support software releases. Like I said, that had been the distribution model for the better of twenty+ years until this new, shittier, model.
That’s not true at all, the OS doesn’t have, and shouldn’t have, everything that every random npm package has…
The alternative isn’t for the OS to do it: its to implement everything yourself… Speaking previous from experience working at a company that did exactly that… It has its own set of problems… But it is at least possibly secure 😅
There’s another alternative, which is manually adding libraries to your project yourself instead of doing it all automatically through a package manager.
Yes, it’s less convenient to download and import a package manually, especially if you need to do the same with a litany of dependencies, but I don’t feel like that’s a bad thing. Raising the barrier of entry for arbitrarily adding thousands of lines of other people’s code to your project would force people to think about how much of that they actually need.
Or you can just use git and pin your packages to specific versions and review the changes to the packages when they change using git diff…
Have you ever looked at the available packages in a Linux distribution like Debian or a BSD? There are thousands and thousands of library packaged to support software releases. Like I said, that had been the distribution model for the better of twenty+ years until this new, shittier, model.
there are over 3.1 million packages available in the main public npm registry…