Hacker News

Would people automatically update to the new versions of the libraries you mentioned?

The problem with unpublishing is that it changes an existing version. If, instead of depublishing, a correctly versioned empty module named leftpad was pushed to npm (increment major, because a non-implementation is incompatible with an implementation), there would not be half as much pain.

As long as unpublishing exists, micromodules increase the "attack surface" to this specific method of changing the contents of a specific published version.



Which means unpublishing is the problem, not micromodules (in this particular case).


Absolutely true, but the scale of the problem multiplies with micromodules. More unpublishables are worse than less.



