by cjblomqvist 2459 days ago
Honest question, is it that much better in other communities? In particular, is there anything inherent to npm that's problematic, or is it just that a huge community with a Unix mindset (small packages that do one thing well) is problematic?
4 comments

Lack of a large enough standard library is a big differentiating factor, as it makes you very dependent on third-party libraries.

Even if you avoid it by creating your own utils, chances are that the creators of the large packages you use (like a database manager or a REST framework) will depend directly or indirectly on those third-party tools.
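The indirect dependence this comment describes is visible in a project's lockfile. The script below is an added example, not code from this thread or from npm itself: it walks a package-lock.json in the lockfileVersion 2/3 layout (a `packages` map keyed by install path, with `""` for the root), resolves each dependency the way Node does (nearest `node_modules/<name>` walking upward, so nested duplicate versions are found), and reports which packages are only reached transitively, which third-party packages several of your direct dependencies share, how many copies are installed, and which registry hosts the tree resolves to. The lockfile embedded here is constructed; every package name and URL in it is made up.

```python
"""Walk an npm package-lock.json (lockfileVersion 2/3 layout) and report how much
of the install tree is transitive, which direct dependencies pull in the same
third-party packages, and which registry hosts the whole tree resolves to."""
import json
from collections import defaultdict
from urllib.parse import urlparse

# Constructed lockfile for illustration; every package name and URL here is made up.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"web-framework": "^1.0.0", "db-client": "^2.0.0"}},
        "node_modules/web-framework": {
            "version": "1.0.0",
            "resolved": "https://registry.npmjs.org/web-framework/-/web-framework-1.0.0.tgz",
            "dependencies": {"tiny-util": "^0.1.0"},
        },
        "node_modules/db-client": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/db-client/-/db-client-2.0.0.tgz",
            "dependencies": {"tiny-util": "^0.2.0", "left-padder": "^1.0.0"},
        },
        "node_modules/tiny-util": {
            "version": "0.1.0",
            "resolved": "https://registry.npmjs.org/tiny-util/-/tiny-util-0.1.0.tgz",
        },
        # Nested copy: db-client needs a version the hoisted one does not satisfy.
        "node_modules/db-client/node_modules/tiny-util": {
            "version": "0.2.0",
            "resolved": "https://registry.npmjs.org/tiny-util/-/tiny-util-0.2.0.tgz",
        },
        "node_modules/left-padder": {
            "version": "1.0.0",
            "resolved": "https://mirror.example.internal/left-padder/-/left-padder-1.0.0.tgz",
        },
    },
})


def resolve(packages, from_path, name):
    """Mimic Node's lookup: the nearest node_modules/<name> walking up from from_path."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        cut = base.rfind("/node_modules/")
        base = base[:cut] if cut >= 0 else ""


def name_of(path):
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b'."""
    return path.rsplit("node_modules/", 1)[1]


def analyze_lock(lock_text):
    lock = json.loads(lock_text)
    packages = lock["packages"]
    direct = set(packages[""].get("dependencies", {}))
    reached_via = defaultdict(set)  # package name -> direct deps whose subtree contains it
    installs = set()                # distinct install paths (one per copy on disk)
    hosts = set()                   # registry hosts the tarballs resolve to

    for top in direct:
        start = resolve(packages, "", top)
        if start is None:
            continue
        stack, seen = [start], set()
        while stack:
            path = stack.pop()
            if path in seen:
                continue
            seen.add(path)
            installs.add(path)
            reached_via[name_of(path)].add(top)
            entry = packages[path]
            if "resolved" in entry:
                hosts.add(urlparse(entry["resolved"]).hostname)
            for dep in entry.get("dependencies", {}):
                target = resolve(packages, path, dep)
                if target is not None:
                    stack.append(target)

    all_names = set(reached_via)
    return {
        "direct": sorted(direct),
        "transitive_only": sorted(all_names - direct),
        "installed_copies": len(installs),
        "shared": sorted(n for n, tops in reached_via.items()
                         if len(tops) > 1 and n not in direct),
        "hosts": sorted(hosts),
    }


if __name__ == "__main__":
    for key, value in analyze_lock(SAMPLE_LOCK).items():
        print(f"{key}: {value}")
```

On the constructed lockfile the report shows the point of the comment: the root declares two dependencies, but five copies get installed, `tiny-util` arrives twice (once hoisted, once nested under `db-client`) through both direct dependencies without ever being named in the root, and the `hosts` list makes it plain which registries the whole tree ultimately depends on. Pointing `analyze_lock` at a real lockfile (replace `SAMPLE_LOCK` with the file's contents) gives the same breakdown for an actual project.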

No other package manager is run by a VC-backed startup. That's inherently problematic and means the registry is in the hands of a company that could be killed off or sold at any moment because it needs to make massive profits (without having any way to truly make a profit in the first place) to continue to exist.
It was a problem in otherwise very successful Perl's CPAN. I don't recall any "dramas", but because of a huge number of dependencies installing Catalyst had a low chance of going right the first time. But! Because of the test-everything culture and the CPAN Testers effort, broken modules were very rare. So after you managed to set up your system and had a long walk while tests would run, it was guaranteed to work. More or less.
Any community dependent on a particular repo is at risk. I'd argue that RubyGems is just as risky as NPM, for example.

The problem is that there's no good fix or alternative, it's hard to avoid a single point of failure.