|
|
|
|
|
|
by deepsun
785 days ago
|
|
|
Having been programming continuously on JavaScript for over 20 with all the popular frameworks, I'd try to stay away from it as much as possible: 1. Dynamic typing must die. Except for R/Julia/Python (aka JuPyteR) notebooks use-case, where it's awesome. My list includes only statically-typed languages. Typescript is much better, but its type-checking still fails sometimes, unlike real static-typed languages. 2. NPM is a mess that allows any transitive dependency to run arbitrary code on your machine at a time of installation (including cleaning up after itself). Compare that to Java's Maven -- libs quality is much better. no arbitrary code runs, just downloading. |
|
|
This point gets parroted so often on HN [1]. You can install packages with the --ignore-scripts flag to disable this behavior, or just set the option globally in your NPM config file. I do like the way Bun disables lifecycle scripts by default [2], but it takes me all of two seconds to run `npm config set ignore-scripts=true` on a new machine, so it's basically a non-issue for me.
[1] https://news.ycombinator.com/item?id=38797176
[2] https://bun.sh/docs/cli/install#lifecycle-scripts