cgh 4 days ago

Is the fundamental problem with npm still a lack of enforced namespacing?

In the Java world, I know there’s been griping from mostly juniors re “why isn’t Maven easy like npm?” (I work with some of these people). I point them to this article: https://www.sonatype.com/blog/why-namespacing-matters-in-pub...

Maven got a lot of things right back in the day. Yes, POM files are in XML and we all know XML sucks etc., but aside from that the stodgy focus on robustness and carefully considered change gets more impressive all the time.

hyperpape 4 days ago | parent [-]

Nothing about this attack would be solved by namespacing, but it might have been solved by Maven's use of GPG keys.

zenmac 4 days ago | parent [-]

Isn't it time NPM started to use that? Why has this taken so long?