[jtdev]

What does NPM/yarn do better than virtualenv/pip?

“Added 17000332 packages (including is-even) 875 vulnerabilities found, have fun with that info. Yours truly, NPM”

[linkdd]

Ẁhile I agree the situation is ridiculous, what prevents anyone to do the same in Python?

I can publish is-even on PyPI if I want, is that Pip's fault?

[cookiecaper]

It's a difference in the community's engineering values. JavaScript devs pull in a dependency for virtually everything, whereas Python distributes an extensive standard library with the language. It's less important that the same thing is hypothetically possible in both communities and more important that specific communities have chosen to use similar toolkits differently.