This approach does not scale. We should make NPM better.
BTW I'm not saying we should kill NPM. What I'm saying is we should reduce our dependance on random packages.
Bun doesn't need to add everything into the core engine. Eg: when using .NET you still add plenty of official Microsoft dependencies from Nuget.
- Trust could be opt-in by default
- Dependency installation could be made fully reproducible
BTW I'm not saying we should kill NPM. What I'm saying is we should reduce our dependance on random packages.
Bun doesn't need to add everything into the core engine. Eg: when using .NET you still add plenty of official Microsoft dependencies from Nuget.