0
vicary
3y

The genius businessman Isaacs Schlueter, who sold a common tool npm to GitHub, forced a breaking change to block yarn in a minor upgrade in August.

Every decision of trading his users for his own business growth is so obvious, so hostile and so badly executed.

Let us give a moment of silent to the damage he's done to the community, I still see comma-first and colon-skipping as an intentional habit in some open source libraries.

This very commit https://github.com/npm/arborist/... breaks so many things at once.

Comments
  • 0
    That just happens when people pull in random shit from all over the internet upon every build. *shrug*
  • 0
    Just a question... Why does this break yarn?

    Because they use symlinks for the node_modules folder?

    Either I'm overlooking sth or the commit looks sane to me.
  • 0
    Isn't understanding what they're doing a basic requirement before launch?

    Preventing preinstall scripts exploits by removing a feature, brilliant move. Might as well chop off frontal lobes to prevent dumb moves.
  • 0
    @IntrusionCM yarn workspace and pnpm?

    Packaging an invalid usage as security thread sounds like a convenient shortcut to force anything without major upgrades.

    More context and the link to CVE: https://github.com/npm/cli/...

    And here is an example of why do I think npm audit is stupid: https://github.com/lodash/lodash/...
Add Comment