undefined | Better HN

0 pointspaulddraper8y ago0 comments

> npm is not for managing system software

Debatable but irrelevant.

I'm not saying npm is a good or bad system package manager, just that running arbitrary scripts for requested packages and their dependencies is hardly unique.

It's oblivious to single out npm as a package manager that allows you to be pwned by packages in whatever repo you pull from.

0 comments

2 comments · 1 top-level

diggan8y ago· 1 in thread

It's not unique, but apt/pacman does not run arbitrary scripts. It runs what has been reviewed by others while npm packages are often not reviewed by anyone except the author, that's the difference.

paulddraperOP8y ago

So you're saying it's not the tool or packaging format. It's the curation of the repositories that npm/apt/pacman users tend to consume.

j / k navigate · click thread line to collapse