This was excellent, but conveniently left off any discussion that npm can “un-un-publish” a programmer’s code against their wishes, and apparently without repercussions?
Thank fuck for that, cause if they didn’t, faker.js and node-ipc would have caused a lot of trouble, with the developers adding malware to a new version and later deleting the entire packages, breaking tons of projects. And those were everything but small packages.
All for the greater good, especially if it’s the choice between one guy’s desire to nuke their own code VS tens / hundreds of thousands of projects that depend on it.
Left pad is a good example of why you shouldn’t.
Event stream as well. TL;DR: popular npm library gets infested with Bitcoin-stealing code.
https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident
Can you elaborate?
https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code
Fuck npm, I guess.
That was a rather nice read :) thank you!
Thank you for sharing this. I learn something new every day, much appreciated.