rvz 5 hours ago

It is because it has the lowest barrier to entry with no quality control. Ever.

This is what happens when there is no barrier to entry and it includes everyone who has no idea what they are doing in charge of the NPM community.

When you see a single package having +25 dependencies, that is a bad practice and increases the risk of supply chain attacks.

Most of them don't even pin their dependencies and I called this out just yesterday on OneCLI. [0]

It just happens that NPM is the worst out of all of the rest of the ecosystems due to the above.

[0] https://news.ycombinator.com/item?id=47577183
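As an added example (not part of the comment above), a small audit of a `package.json` for the two issues the comment raises: floating (unpinned) version ranges and a large direct-dependency count. The `MAX_DIRECT_DEPS` threshold is taken from the "+25" remark, and the sample manifest is constructed for illustration.

```javascript
// Added example: audit a package.json manifest for unpinned version specs and
// an oversized direct-dependency list. Pure functions, no npm access needed.

// Hypothetical threshold, lifted from the comment's "+25 dependencies" remark.
const MAX_DIRECT_DEPS = 25;

// A spec is "pinned" only if it is an exact semver version (prerelease/build
// tags allowed) or a git reference locked to a full 40-hex commit.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function isPinned(spec) {
  if (typeof spec !== 'string') return false;
  if (EXACT_VERSION.test(spec)) return true;
  // Branches and tags are mutable; only a full commit hash is immutable.
  return /#[0-9a-f]{40}$/i.test(spec);
}

function auditManifest(manifest) {
  const sections = ['dependencies', 'devDependencies', 'optionalDependencies'];
  const unpinned = [];
  let direct = 0;
  for (const section of sections) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      if (section === 'dependencies') direct += 1;
      if (!isPinned(spec)) unpinned.push({ section, name, spec });
    }
  }
  return {
    directDependencyCount: direct,
    tooManyDirectDeps: direct > MAX_DIRECT_DEPS,
    unpinned,
  };
}

// Constructed sample manifest (not a real project).
const SAMPLE_MANIFEST = {
  name: 'example-app',
  dependencies: {
    'left-pad': '1.3.0',               // pinned
    express: '^4.18.2',                // caret: floats to any 4.x
    lodash: '~4.17.21',                // tilde: floats to any 4.17.x
    'some-lib': 'latest',              // dist-tag: whatever is newest at install
  },
  devDependencies: {
    jest: '29.7.0',                    // pinned
    'git-dep': 'github:org/repo#main', // branch reference, mutable
  },
};

console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST), null, 2));
```

Exact specs in `package.json` are only half the fix: a committed lockfile with integrity hashes, installed with `npm ci`, is what actually freezes the resolved transitive tree.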