by flavio81 3082 days ago
It is really another embarrassment for NPM, considering that this is not the first time something similar has happened (see: left-pad issue, 23 March 2016).

So they learnt zero from it.

Then, WHEN ARE THEY GOING TO SIGN THOSE PACKAGES? Zero, nothing. They didn't learn from mistakes, they don't listen. NPM is still open to all sorts of malicious use.

Besides NPM problems, yesterday many packages wouldn't work because package "pinkie-promise" wasn't available. This is the full effective source code of pinkie-promise:

    module.exports = typeof Promise === 'function' ? Promise : require('pinkie');

Not just an NPM fault, but a fault of the JS community as a whole for accepting systems made from hundreds of one-line packages, a sort of spaghetti code for the modern era.

Someone should grab the 100 most used packages which contain less than 30 lines of code, merge them into one package and call it 'npm standard library'.
I have no idea why there are negative comments to this suggestion. I do a lot of Java development and Apache Commons as well as Google Guava are two of the most popular libraries.
The problem would be maintaining and versioning this standard library.
Guess I'll be that guy: https://xkcd.com/927/
I’ve gotten to the point where I recognize certain XKCD urls and no longer have to click on them to know which one it is. The ol’ 927, I see.
So the kiddies haven't learned, huh? The whole left-pad debacle was because of a package that has 1 single function: it pads your string to a certain length by prefixing characters. (Writing this I wonder who made right-pad). And it broke almost everything.