Github / Microsoft could easily fix this, couldn't they? Leaving NPM up in its current state seems criminal, especially since LLMs generate NPM commands so frequently.

▲

jjice 5 hours ago | parent | next [-]

They have some changes here in v12: https://github.blog/changelog/2026-06-09-upcoming-breaking-c...

	▲	WalterGR 2 hours ago \| parent [-]
		And the discussion here, with 215 comments: https://news.ycombinator.com/item?id=48467705

▲

sheept 4 hours ago | parent | prev | next [-]

Is it possible to fix it in a backwards compatible way? Removing lifecycle scripts is at least a semver major change, and would complicate existing projects relying on packages with lifecycle scripts from upgrading.

▲

evilduck 2 hours ago | parent [-]

This is a real world trolley problem scenario. You can break workflows or you can let everyone get pwned by supply chain attacks. Which is the greater harm?

	▲	sheept 2 hours ago \| parent [-]
		People will not adopt a safer version if it broke their workflows. Adoption is part of preventing supply chain attacks.

▲

2 hours ago | parent | prev [-]

[deleted]