pier25 6 days ago

Indeed but I was arguing about a general point.

I'd be surprised if any of your Node projects had less than 100 total deps of which a large number will be maintained by a single person.

See Express for example. 66 total deps with 26 deps relying on a single maintainer.

https://npmgraph.js.org/?q=express

But even in the case of the official aws-sdk they recently deprecated v2. I now need to update all my not-so-old Node projects to work with the newer version. Probably wouldn't have happened if I had used Bun's S3 client.

Reply View 3 replies
  • greener_grass 6 days ago

    So let's put every package under the sun into the client?

    This approach does not scale. We should make NPM better.

    Reply View 2 replies
    • pier25 6 days ago

      How do you make NPM better?

      BTW I'm not saying we should kill NPM. What I'm saying is we should reduce our dependance on random packages.

      Bun doesn't need to add everything into the core engine. Eg: when using .NET you still add plenty of official Microsoft dependencies from Nuget.

      Reply View 1 reply
      • greener_grass 5 days ago

        - NPM could migrate to reproducible builds of artefacts

        - Trust could be opt-in by default

        - Dependency installation could be made fully reproducible

        Reply View 0 replies