Hacker News new | ask | show | jobs
by varenc 110 days ago
I found that strange as well. My guess is that `npm` is just the package manager people are most likely to already have installed and doing it this way makes it easy. They might think asking people to install Cargo is too much effort. Wonder if the pattern of using npm to install non-node tools will keep gaining traction.
3 comments
m000 109 days ago
It's still weird. Why not just use an effing install.sh script like everybody else? And don't tell me "security". Because after installation you will be running an unknown binary anyway.
link
bigstrat2003 110 days ago
Most people aren't going to have npm installed though. Nobody outside of web devs uses it.
link
patates 110 days ago
A lot of people who are not web devs use it, that's what I see. I even saw some mainframe developers use npx to call some tool on some data dump.

Also, this is a web project anyway. Google Workspace is web based, so while there is a good chance that the users aren't web developers, it's a better chance that they have npm than anything else.

In the case that they don't, releases can be downloaded directly too: https://github.com/googleworkspace/cli/releases

link
gempir 110 days ago
If you had to pick one package manager that was most likely installed across all the different user machines in the world, I'd say npm is a pretty good bet.
link
wiseowise 109 days ago
Pip.
link
sankalpmukim 110 days ago
"Most people" are webdevs

Bracing for getting cancelled

link
freakynit 110 days ago
Why not just downloadable binary then?
link
varenc 110 days ago
For many, installing something with npm is still easier. It chooses the right binary for your OS/architecture, puts it on your PATH, and streamlines upgrades.

Their Github releases provides the binaries, as well as a `curl ... | sh` install method and a guide to use github releases attestation which I liked.

link
krzyk 109 days ago
I feel better with `curl ... | sh` than with npm.

npm suggests projects written in js, which is not something I'm comfortable.

It is nice to see that this is not JS, but Rust.

link
varenc 109 days ago
Agreed! The `curl ... | sh` is sketchy, but it's more obviously a security risk and easier to inspect. With install hooks, `npm install ...` also allows arbitrary code execution when you run it, but this is less obvious.
link
freakynit 110 days ago
Hmm, that's right... thanks..
link
patates 110 days ago
They have them: https://github.com/googleworkspace/cli/releases
link