cross-posted from: https://lemmy.dbzer0.com/post/15238521

Yet another “brilliant” scheme from a cryptobro. Naturally this caused a gold-rush for scammers who outsourced random people via the gig economy to open PRs for this yml file (example)

  • David Gerard@awful.systems [M] · English · ↑ 5 · 9 months ago

    a shitty implementation of ideas stolen directly from Nix

    there’s probably a greenspun’s tenth law about this

    i’ve already said that any sufficiently large program eventually reimplements half of apt, badly

    • Deborah@hachyderm.io · ↑ 4 · 9 months ago

      If npm had only badly reimplemented anything previously existing instead of rebuilding package management from first principles I wouldn’t twitch at the mere mention of the words “package-lock.json”.

      It’s a package manager designed by brilliant feral wolves. Complex, well written nightmare tool that should never have come into existence because it doesn’t know any lesson learned by prior decades of package management, like a great artist painting a summoning circle for nyarlathotep.

      • froztbyte@awful.systems · English · ↑ 4 · 9 months ago

        I have ranted this so often

        From the late 00s to early 10s I worked somewhere where we maintained our own Debian distribution (not terribly far from mainline but some localised things for purpose). I learned a lot of packaging and package management and repo skills from that

        And then soon thereafter I was in other roles which also included having to deal with software that did npm things (and, occasionally, colleagues that did fpm things) and…… god. Exhausted to my fucking core.

        Year after year goes by, and that fucking disastrous pile of shit ecosystem learns almost nothing. Repeatedly.

        And every time I have to touch it, it’s a shitshow. Every. Single. Time.