
npm's size is not independent of its curation strategy.

This can be construed as a good or a bad thing.



NPM's size is first and foremost dependent on the popularity of JavaScript.

All other "modern" (where "modern" is "last 20 years") package managers have zero curation.

Perl, Python, Ruby, Go, Rust, Dart, JavaScript.

You say: "if they had curation, they would be better".

I say: "if they had curation, they would have lost to a competitor that doesn't have curation".

People care about having more packages much more than abstract fears of security or quality of those packages.


> People care about having more packages much more than abstract fears of security or quality of those packages.

At their own peril.


> People care about having more packages much more than abstract fears of security or quality of those packages.

You're partially right. Some people haven't yet learned (e.g. the hard way, or whatever) that quality does matter.

Hopefully most of those people will learn to appreciate and demand quality over time, instead of the current anything-goes approach.

In the meantime, things like this npm package example will continue to give npm/javascript black eyes (repeatedly) and help make that happen. :)


> modern

Apt is about 20 years old, and the most famous apt package repos (i.e., the Ubuntu project) are much younger than that.



