[xnorswap]

That's a really bad attitude. I ran into a bug in NPM that prevented our CI builds running entirely.

That NPM bug still isn't fixed (despite the bug having minor security implications), but there's no way I'm re-writing everything to not use NPM, it would be absurd, nor is it sensible to fork NPM and invest time into fixing the bug.

I ended up putting in effort to work around the bug entirely, but it was only coincidence that we could go without the feature that triggered the bug because we were going to deprecate that module anyway.

Are you really suggesting that developers don't "lock themselves in" to NPM? It's one of the most prolific projects that exists and it would be career limiting to avoid using a package manager or all dependencies entirely.

[creakingstairs]

You probably already know but I found patch-package [1] to be crucial when relying on minor npm packages. It’s so freeing to be able to just fix it on your end and move on (and also raise a PR against the package)

[1] https://www.npmjs.com/package/patch-package

[xnorswap]

Thanks, but this was a bug in npm itself.

[creakingstairs]

Ah my bad! Luckily I haven’t ran into one of those yet and I’m hoping I never will :p

[flippinburgers]

It sounds like you have informed npm about the issue? If it is a widely faced issue, chances are that the maintainers will fix the bug. On the other hand you might be using npm in a way that is rather fringe.

[prmph]

You could try pnpm or yarn?

[sokoloff]

Was the same bug in yarn?