hrmtst93837 11 hours ago
Skipping Node sounds nice. PyPI and RubyGems have had the same mess, and npm gets more headlines because it is huge and churns fast, so you see more fresh landmines and more people stepping on them. Unless you plan to audit every dep and pin versions yourself, you're mostly trading one supply chain mess for another, with a tiny bit of luck and a different logo.
slopinthebag 11 hours ago
Cargo is a great package manager and hasn't suffered from the same problems. I'll take it.