Npm Install Everything, and the Complete and Utter Chaos That Follows

Shared this article posted on Mastodon with my take: curious coders experimented in good faith, discovered a serious architecture issue with technology and policies, tried to notify and rectify, but got blamed by commercial entities instead of being thanked for their good faith disclosure.

Very much worth the read: Npm Install Everything, and the Complete and Utter Chaos That Follows.


Yeah, that’s a funny case. By far not the first one to happen with npm.

And I think this one wasn’t even particularly consequential, it’s not like anything critical depends on the ability to unpublish a package… right?

I wonder if the ecosystem will ever be patched to a proper state.