Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Do you regret using node/npm on such a high-risk installation?



When it was first built (6ish years ago? before I took over) there weren't any other practical options if you wanted an Ethereum simulator in JavaScript, which is a very common use case of ours.

Though now that wasm is popular and there are Rust implementations of Ethereum, I still think being able step into and debug from within a JavaScript application is valuable.

I think the ecosystem has just drank too much semver Kool-Aid.

So no, I don't regret it, and I don't think the problem is unique to npm, I think the problem is exacerbated by its popularity and addiction to loose semver (the default when installing a package by name).


Amen on semver. If you start pulling at that thread, the npm people start realising what a big mess they’ve gotten themselves in.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: