Hacker News
by afpx 1 day ago
GitHub / Microsoft could easily fix this, couldn't they? Leaving NPM up in its current state seems criminal, especially since LLMs generate NPM commands so frequently.
2 comments

And the discussion here, with 215 comments: https://news.ycombinator.com/item?id=48467705
Is it possible to fix it in a backwards compatible way? Removing lifecycle scripts is at least a semver major change, and would complicate existing projects relying on packages with lifecycle scripts from upgrading.
This is a real world trolley problem scenario. You can break workflows or you can let everyone get pwned by supply chain attacks. Which is the greater harm?
People will not adopt a safer version if it breaks their workflows. Adoption is part of preventing supply chain attacks.
They will if it's the only version. Eventually.