by twelve40
3000 days ago
Just because it's a shitty common practice doesn't mean there isn't a proper way to do it (local repo). For example, there are tons of people who check in their secrets into public and private GitHub repos (including Uber eng), then they get jacked and complain. If they were smarter than that, "it would not have caused a problem for anybody". Doesn't really prove that what a lot of people do must be automatically good.

https://status.npmjs.org/incidents/41zfb8qpvrdj
The fact that 9 packages could be "published over" _after_ the left-pad fiasco shows lack of attention.
Tools should try to foster good practices, instead of worsening bad ones.