Most people know this but the _real_ reason it explains things is that GitHub is owned by Microsoft. Oh, and Microsoft moved GitHub to Azure.

To be fair, NPM sucked long before it got acquired by GitHub/Microsoft.

And to be fair 2: The other package repos also suck.

> And to be fair 2: The other package repos also suck.

If you mean other languages, then yeah a lot of similar issues and weirdness there as well. Maven dependencies in any complex project are a "fun" challenge as well.

Though the sort of recurring supply chain attacks you see within the npm ecosystem is something I haven't seen elsewhere to this degree.

Yeah, but the Azure supply chain attack explains why all of a sudden they can make this change.

It seems that if you want to get something important changed in npm, you simply need to exploit some of its shortcomings against Microsoft instead of discussing why it’s necessary.

To be fair, the entire problem space sucks and I’m not sure it’s possible not to.