> NPM shouldn't scare you.
>> It absolutely should, just like any dependency on any other third-party code or servers.
There's no need to be scared of any of those things if you understand the trade-offs and risks.
>> Especially when they regularly have incidents like this.
They don't.
>> Simple fact is you should not be relying on ANY package registry at the time of deployment.
> This is true, but doesn't prove the previous claim.
The 'previous claim' follows from it. If you don't treat a package registry like an essential part of your own infrastructure, there's no need to be scared of it.
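One concrete way to turn "don't rely on the registry at deployment time" into something a pipeline can check: audit the committed lockfile before `npm ci` runs. This is an added example, not code from the thread or from npm itself. It reads a v2/v3 `package-lock.json` and flags entries that lack a `resolved` URL, lack an `integrity` hash, use a weak hash algorithm, or resolve to a host outside an allow-list (the allow-list value and the sample lockfile below are constructed placeholders; substitute your own mirror).

```python
import json
from urllib.parse import urlparse

# Assumption: only artifacts from these hosts are acceptable at deploy time.
# Replace with your internal mirror/proxy once the registry is treated as
# part of your own infrastructure rather than a live dependency.
ALLOWED_HOSTS = {"registry.npmjs.org"}

# Constructed sample lockfile (lockfileVersion 3 layout: "packages" keyed by path).
SAMPLE_LOCK = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/good-pkg": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/good-pkg/-/good-pkg-1.3.0.tgz",
            "integrity": "sha512-CONSTRUCTEDHASHVALUE",
        },
        "node_modules/no-integrity-pkg": {
            "version": "0.1.0",
            "resolved": "https://registry.npmjs.org/no-integrity-pkg/-/no-integrity-pkg-0.1.0.tgz",
        },
        "node_modules/offsite-pkg": {
            "version": "2.0.0",
            "resolved": "https://example.invalid/offsite-pkg-2.0.0.tgz",
            "integrity": "sha1-CONSTRUCTEDHASHVALUE",
        },
    },
}


def audit_lockfile(lock, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of (package_path, problem) tuples for a parsed package-lock.json.

    Only lockfileVersion 2/3 ("packages" map) is handled here.
    """
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "" or meta.get("link"):
            # "" is the root project; "link" entries are local workspace symlinks.
            continue
        resolved = meta.get("resolved")
        integrity = meta.get("integrity")

        if not resolved:
            findings.append((path, "missing resolved URL"))
        elif urlparse(resolved).hostname not in allowed_hosts:
            findings.append((path, f"resolved outside allowed hosts: {resolved}"))

        if not integrity:
            findings.append((path, "missing integrity hash"))
        elif not integrity.startswith("sha512-"):
            # npm accepts sha1 integrity strings for old packages; require sha512.
            findings.append((path, f"weak integrity algorithm: {integrity.split('-', 1)[0]}"))
    return findings


def audit_lockfile_path(filename):
    """Convenience wrapper: load a lockfile from disk and audit it."""
    with open(filename, encoding="utf-8") as fh:
        return audit_lockfile(json.load(fh))


if __name__ == "__main__":
    for pkg, problem in audit_lockfile(SAMPLE_LOCK):
        print(f"{pkg}: {problem}")
```

Run against the constructed sample this reports three problems (a missing integrity hash, an off-allow-list URL, and a sha1 integrity string) and nothing for the well-formed entry. Pairing the check with a prepopulated npm cache and `npm ci --offline` in the deploy step removes the live registry from the critical path entirely, which is the point being made above.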