Hacker News | lithos's comments

Nuclear container ships remind me a little bit of the USA's propaganda of planning to make Nuclear cargo subs.

Just more engineering leaning than you. Actual engineers have to analyze their supply chains, and so makes sense they would be baffled by NPM dependency trees that utterly normal projects grow into in the JavaScript ecosystem.


Good thing that at scale, private package repositories or even in-house development is done. Personally, I would argue that an engineer unable to tell apart perfect from good, isn't a very good engineer in my book, but some engineers are unable to make compromises.


Do you think companies using node don't analyze supply chains? That's nonsense. Have you cargo installed a rust app recently? This isn't just a js issue. This needs to be solved across the industry and npm frankly has done a horrible job at it. We let people with billions of downloads a month with recently changed password/2fa publish packages? Why don't we pool assets as a collective to scan newly published packages before they're allowed to be installed? These types of things really should exist across all package registries (and my really hot take is that we probably don't need a registry for every language, either!).


> Do you think companies using node don't analyze supply chains?

I _know_ many don’t. In fact suggesting doing it is a good way to be looked at like a crazy person and be told something like “this is a yes place not a no place.”


It is solved across the industry for those who care. If you use cargo, npm, or a python package manager, you may have a service that handles static versioning of dependencies for security purposes. If you don't, you aren't generally working in a language that encourages so much package use.


2FA would certainly help, however you'd still have malware like these silently updating code and waiting for the next release.

We'd have to rely on the developer to notice, and check every line of code they ship, which might be the norm but certainly not 100% of cases.


Ah yes, this old way of thinking. Bro we live in a world where at least in web (and plenty of other domains) the velocity demanded from developers is exceedingly high; not necessarily because that's what those developers want, but because that's what management wants.

Most of my career Node.JS has paid the bills and I'm very grateful to fate for that; but I have also worked in C/asm/etc for embedded firmware etc. Implying that the JS ecosystem is only comprised of terrible devs is classic gatekeeping holier than thou type shit.


32k to 34k from entry-level to expert level. Basically businesses choosing to close over offering pay raises.

Which actually can make sense with competition still on illegal workers, and larger scale competition using prison labor.


[flagged]


I think more automation is likely.


The word you're looking for is "desperate".


This is why the American Food Pyramid is so messed up. Lobbyists bought it so their grain farmer clients wouldn't need to adapt to changing market conditions (end of WWII demand).


H1-B are supposed to be skilled enough that losing their job isn't a problem due to combinations of skill levels, skill combination rarity, and connections.

The fact that your statement is a truth indicates a problem with the program.


Yeah that works.

Also worth mentioning there are some great studies of windmills helping crops by regulating temp and humidity in the day/night when they're in farm fields.

(Right now Trump has a hate against them for losing a NIMBY fight against power companies).


Just go back to Harry Potter comparisons.


You already are able to pay more for 5-20 minutes of "priority".


All that this does is ensure you don't get stacked with another order ahead of you (so the delivery is direct from the restaurant to the person who ordered) in theory.

It doesn't help with situations where drivers are multi-apping (accepting orders across multiple apps and juggling them). The drivers don't even know you have priority.

edit: and in the US where you can definitely see the tip up front, you will almost always find that the order will get picked up quicker if you increase the tip by the equivalent of the priority fee. But you may well get stuck with a delivery before yours.


In my experience, choosing the priority option is nearly a guarantee that I will get a driver who makes extra stops while delivering my order.

It's wild because this happens maybe 10-15% of the time for me when I don't choose priority, but it's around 80% when I do.

I ignore the option now and just bump the tip if I want a chance of better service.


There are some loose numbers tossed around like agricultural ethanol being 2x the carbon emissions of big oil.

While not circled around to properly destroying a wetland for farming, is also destroying a far more permanent carbon sink than a farm.

-----

IMO the article is tripping over itself to tell a story and cares about that story far more than factual information.

It could even help for some types of people, even if it's likely painful for the people reading from here.


SO sold off their own data and made it insanely web-crawlable.

So makes sense that SO-like users will use AI, not to mention they get the benefit of avoiding the neurotic moderator community at SO.

