by reificator
3079 days ago
> NPM shouldn't scare you.
It absolutely should, just like any dependency on any other third party code or servers. Especially when they regularly have incidents like this.
> Simple fact is you should not be relying on ANY package registry at the time of deployment.
This is true, but doesn't prove the previous claim.
>> It absolutely should, just like any dependency on any other third party code or servers
There's no need to be scared of any of those things if you understand the trade-offs and risks.
>> Especially when they regularly have incidents like this.
They don't.
>> Simple fact is you should not be relying on ANY package registry at the time of deployment.
> This is true, but doesn't prove the previous claim.
The 'previous claim' follows from it. If you don't treat a package registry like an essential part of your own infrastructure, there's no need to be scared of it.