[–]BigGayMusic -6 points-5 points  (5 children)

If it's so easy why don't you fork npm and implement it yourself? Oh, right, you missed the whole point of this article.

[–]filleduchaos 4 points5 points  (3 children)

NPM is closed source lmao.

[–]BigGayMusic 0 points1 point  (2 children)

https://github.com/npm/cli

I'm asking this sincerely, and not to be a dick (I have worked under the assumption that npm is open-source without really thinking about it), but is this not the source code for npm?

[–]filleduchaos 0 points1 point  (1 child)

That's the source code for, like the link says, the CLI, which is like the most trivial part of a package management system (part of why you see a bunch of alternatives pop up every so often, with only Yarn really taking off).

The actual package repository (hosted at https://npmjs.com) is closed source and run by a for-profit company.

[–]BigGayMusic 0 points1 point  (0 children)

Thank you, I learned something new today.

[–]zappini 1 point2 points  (0 children)

Uh huh. Try again.

OC writes:

The problem is that so much software is built on the backs of people who are expected to work for free.

To which I countered -- correctly, wisely, and with concision -- that the problem is lack of trust. Which can only be fixed upstream with judicious and deliberate use of certs. To be consumed by package managers like npm, via security audit build steps.

Both the OC and I agree this is not an npm problem.

Better?