by clintonb 823 days ago
Do they? Someone tried to solve a large problem with the package manager, and inadvertently created a larger problem. That simply indicates the folks at NPM didn't fully think through the edge cases of their problem/solution.

I'm curious if other package managers have the same problem identified by the author, or are susceptible to the "left-pad" problem?

1 comments

On crates.io you can't unpublish a crate, you can only yank[1], which marks a package version as unusable as a new dependency. Existing dependencies on it will continue to work though, and it's still publicly available.

"This hole caused the entire building to collapse" is really overstating things since a package depending on all versions of all packages in npm results in the same behavior, which lots of people believe should be how npm should be treating publishing anyways.

The people who were mad were the tiny number of people who expected unpublishing to work, tried to unpublish during that week or two and found it unavailable.

[1] https://doc.rust-lang.org/cargo/commands/cargo-yank.html
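The yank-versus-unpublish distinction described in the comment above, sketched as an added example that is not part of the thread and is not cargo's or crates.io's code. `Entry`, `resolve`, `unpublish` and the sample index are hypothetical, constructed for illustration.

```rust
// Toy model of a registry index (constructed data, not the real crates.io format).
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
struct Version(u32, u32, u32);

struct Entry {
    version: Version,
    yanked: bool,
}

/// Resolve a dependency against the index.
/// - `locked = Some(v)`: an existing lockfile pin. The exact version is
///   returned even if yanked, because yanking never deletes the artifact.
/// - `locked = None`: a new dependency. Yanked versions are skipped and the
///   highest remaining version is chosen.
fn resolve(index: &[Entry], locked: Option<Version>) -> Option<Version> {
    match locked {
        Some(pin) => index.iter().find(|e| e.version == pin).map(|e| e.version),
        None => index.iter().filter(|e| !e.yanked).map(|e| e.version).max(),
    }
}

/// Contrast case: unpublishing removes the entry entirely, so a build that
/// pinned this version can no longer resolve it (the "left-pad" failure mode).
fn unpublish(index: &mut Vec<Entry>, v: Version) {
    index.retain(|e| e.version != v);
}

/// Constructed sample: 1.1.0 has been yanked by its author.
fn sample_index() -> Vec<Entry> {
    vec![
        Entry { version: Version(1, 0, 0), yanked: false },
        Entry { version: Version(1, 1, 0), yanked: true },
    ]
}

fn main() {
    let mut index = sample_index();
    let pin = Version(1, 1, 0);
    println!("new dependency   -> {:?}", resolve(&index, None));
    println!("locked to 1.1.0  -> {:?}", resolve(&index, Some(pin)));
    unpublish(&mut index, pin);
    println!("after unpublish  -> {:?}", resolve(&index, Some(pin)));
}
```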