Comment by parliament32
3 months ago
The NPM team has repeatedly commented that it's "too hard", effectively, and would discourage new developers from publishing packages. See:
https://github.com/npm/cli/commit/5a3b345d6d5d175ea9ec967364...
I don't think I'd trust a package from a new developer like that, so this helps filter out people that don't know how to properly maintain a package. If they really want to make onboarding easier, saying "after e.g. 1000 monthly downloads, you'll need to sign your artifacts" is also a viable solution in my opinion.
The npm team is, frankly, a bunch of idiots for saying that. It has been obvious for TEN YEARS that the bar for publishing npm packages is far too low. That’s what made npm what it is, but it’s no longer needed. They should put on their big boy pants.
> discourage new developers from publishing packages
Good.
It's not like these packages are super sophisticated million-LOC masterpieces. ansi-regex is literally just this:
592 bytes of code including comments and whitespace versus which amount of overhead in package description, tarball caches, etc...?
No kidding. New developers need to learn the important skill of doing something correctly, not just “ship fast; break things”