> This was a failure on npm's side by including a functionality that allows users to trivially remove packages from a package management system that is used by hundreds of other packages, something that most major package management systems have decided was a bad idea.
That is emphatically not the problem. The author of those modules could have just as easily modified the code instead of deleting it:
function leftpad(str, len, ch) {
    // NPM won't let me delete modules, so here you go
    return "";
}
Now you'd have an even harder time figuring out what happened to your code than you did if the module just disappeared. What you're asking for is basically for the repository to adopt a policy of "all maintainers must be given free rein to get their modules correct and keep them maintained, but they shouldn't have the ability to do anything that causes problems downstream" which is impossible and frankly silly.
The problem is the dependency, not the precise mechanism by which that dependency screws you when it goes bad.
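
The contrast drawn in the comment above, as an added example (not part of the original post, and not npm's or left-pad's code): a deleted dependency fails loudly at install time, while a modified one installs and silently returns wrong output unless the consumer pinned a content hash. The registry object, the `install` function and both module sources are constructed for illustration.

```javascript
// Added illustration; the sources and registry below are constructed.
const { createHash } = require("crypto");

// Two versions of one dependency, as a registry might serve them over time.
const GOOD_SRC = `module.exports = function leftpad(str, len, ch) {
  str = String(str);
  ch = ch === undefined ? " " : String(ch);
  while (str.length < len) str = ch + str;
  return str;
};`;
const MODIFIED_SRC = `module.exports = function leftpad(str, len, ch) {
  return "";
};`;

// Lockfile-style pin in the "sha512-<base64>" form npm records as `integrity`
// (npm hashes the package tarball; hashing the source here is a simplification).
function integrity(src) {
  return "sha512-" + createHash("sha512").update(src).digest("base64");
}

// Hypothetical installer: fetch by name, verify the pin if one exists, load.
function install(registry, name, pinned) {
  if (!(name in registry)) return { status: "missing" }; // deletion: loud
  const src = registry[name];
  if (pinned && integrity(src) !== pinned) return { status: "integrity-mismatch" };
  const mod = { exports: {} };
  new Function("module", src)(mod); // evaluate the constructed source
  return { status: "ok", leftpad: mod.exports };
}

function scenarios() {
  const pin = integrity(GOOD_SRC); // recorded when the good version was vetted
  const modified = { "left-pad": MODIFIED_SRC };
  const unpinned = install(modified, "left-pad", null);
  return {
    deleted: install({}, "left-pad", pin).status,
    modifiedUnpinned: unpinned.status,
    modifiedOutput: unpinned.leftpad("5", 3, "0"), // wrong, but no error
    modifiedPinned: install(modified, "left-pad", pin).status,
    goodOutput: install({ "left-pad": GOOD_SRC }, "left-pad", pin).leftpad("5", 3, "0"),
  };
}

console.log(scenarios());
```

A pin only detects that the content changed after it was recorded; it says nothing about whether the version that was pinned deserved trust in the first place.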