Hacker News
by krono 1678 days ago
If anything this makes it worse.

- No security checks are present in the package manager download and installation process so there are still no guarantees.

- Existing installations of package managers are automatically overwritten when the user calls their binary. What if this was a custom compilation or other customisations were made?

- This solution does a lot more behind the scenes than just run that yarn command that the user asked for but hadn't installed.

- Why not simply notify the user when their package manager isn't installed or only allow it with a forced flag? (As has been suggested uncountable times by numerous people anywhere this topic came up over the years.)

Disrespecting user autonomy, capacity to self-regulate, and ownership over their machine and code is not the way.

Edit: Formatting