← Back to context

Comment by 3np

2 years ago

Well, you did say (emphasis mine):

> That's just "rm -r node_modules && npm install".

And there is more to it, very much relevant to your original complaint, which is not applicable to it.

> I didn't "munge around" in node_modules; I said "if something goes wrong". Like I said in my previous comment: "I found this out a few ago after I had some corrupted files due to a flaky internet connection".

I do believe that if you had run `npm ci` instead of `npm install`, that would have resulted in an error and an empty node_modules instead of inconsistency.

> Disk errors happen. Memory errors happen. Things like that.

Those are at lower layers than the package manager. I think it's unreasonable to expect the package manager to check for inconsistencies induced by hardware errors. You have file-system level solutions (zfs,btrfs) and things like ECC for that. Nothing is a silver bullet.

> I've also had an install ISO corrupted at some point. I always check the sums since, just in case because there was a lot of confusion involved before I found out the ISO was just downloaded wrong for some reason

Good! It happens. Keep doing it. There's a reason integrity verification is a step in every Linux distro installation guide.

> Your entire post is a masterclass in arguing against things that were never claimed and forceful injection of your own bugbears.

Fair! Though I do want to call out your "Who is carefully auditing if the repo URL in the lockfile is actually the correct one?" in a sibling comment - apparently the inferred bugbear wasn't all off-base :p

> I just want to check if node_modules is identical to what's expected, just in case, because computers kind of suck and are unreliable.

I think we can agree on that npm is not sufficient tooling for this. My response is additional tooling. I guess you want a more feature-complete package manager. Wish I had one to recommend. npm is severely neglected after the MS acquisition; yarn maintainers are completely misguided on a couple of fundamentals; every time I get around to take another look at pnpm either I run into a bug or catch a recent enough breakage-outside-of-semver that I decide they're not ready yet...

0 comments

3np

Reply