Comment by nromiun
2 months ago
Not to the same extent as NPM, because Python has a good standard library and library authors are not deathly afraid of code duplication like JS devs (for example, micro-libraries like left-pad, is-even, etc.).
Also there’s more of a habit to release to the pre-release channel for some time first.
I honestly think a forced time spent in pre-release (with some emergency break-glass where community leaders manually review critical hotfixes) could mitigate 99% of the issues here. Linux packages have been around forever and have fewer incidents mainly because of the long dev -> release channel cooking time.
Forced time in pre-release sounds like a really good idea.
Can somebody drive this up the chain to people who administer npm?
The weird dig at JS as a community is wholly unnecessary. Python as an ecosystem is just as vulnerable to this crap - and they’ve had their own issues with it.
You can reference that and leave the color commentary at the door.
Unnecessary? Maybe if more people had commented on JS devs' tendency to include every 3-line micro-package in existence, we would not be in this situation.
Every ecosystem has this problem but NPM is the undisputed leader if you count all attacks.