from Hacker News

NPM Install Everything, and the Complete and Utter Chaos That Follows

by maowtm on 3/15/24, 3:53 PM with 17 comments

  • by diego_sandoval on 3/15/24, 5:33 PM

    The one that ends up looking worse from all of this is GitHub, followed by NPM. You shouldn't feel guilty about any of the things you did. You did nothing wrong.
  • by ghusto on 3/15/24, 5:11 PM

    > “How can this sort of event that makes our customers angry be prevented in the future?”, they asked themselves. Their answer was a new rule: any versions of a package that has dependents cannot be removed from the registry

    > We tried to hang a pretty picture on a wall, but accidentally opened a small hole. This hole caused the entire building to collapse.

    These two snippets say everything that needs to be said about the JavaScript ecosystem and mentality. I'll leave it for you to decide what that is.

  • by hoten on 3/15/24, 5:26 PM

    Don't sweat a huge faceless entity misrepresenting a cool hack. It's probably a badge of honor among hackers.
  • by internetter on 3/15/24, 4:21 PM

    Hi HN!! I’m the author of this, if you have questions let me know
  • by pvg on 3/15/24, 5:14 PM

    Big thread at the time, a couple of months ago: https://news.ycombinator.com/item?id=38894445
  • by EMIRELADERO on 3/17/24, 1:00 PM

    Is the NPM server code open (to viewing AND contributions)? I tried looking but couldn't find it anywhere. It would be very weird for something so essential to the OSS community to be closed off and untransparent like this, especially when it's intrinsically tied to the ecosystem of a programming language.
  • by eacapeisfutuile on 3/15/24, 6:15 PM

    Nice work, a somewhat hilarious, albeit understandably stressful way to surface a few systematic issues.
  • by moschlar on 3/17/24, 7:14 AM

    „Unforeseen Consequences“