Eh, I don't care about that so much. If it's the idiom in your language to let someone else write every little function like that, and that's just how it is in that ecosystem, then so be it. I wouldn't want to work that way, but everyone has their preferences.
But if you're going to foster an ecosystem where everyone's going to use the same "leftpad", then you damn well better make sure that:
If you can't guarantee all three of those conditions, I want nothing to do with it. And again, pretty much everyone else offers these guarantees. This isn't just some greybeard rant about an ideal world no one has ever lived in before.
They're now implementing a 24-hour cooldown on republication of any deleted package names
So make attackers wait a whole day before uploading their compromised replacements for widely-used packages. Got it!
Seriously, NPM is a shithole. "As a general rule, the npm Registry is and ought to be immutable", you think? It's not a "general rule". It's "all the time, every" you freaking amateurs.
most of the npm support team's work is devoted to handling user requests for package deletion, which is more common than you might expect. Many people publish test packages then ask to have them deprecated or deleted. There also is a steady flow of requests to remove packages that contain private code that users have published inadvertently or inappropriately.
This right here is how you brought it upon yourself, and why I have zero sympathy for your self-imposed situation. If I contribute a package to Debian, you think they'll spend "most of their week" removing it just because I asked? That's not gonna happen. Here's how you fix this:
"Effective immediately, we no longer remove packages unless they cause a clear and imminent threat to their users. If you accidentally included your GitHub password, change it. That's your problem, not ours. Next time try not to do that, OK? Also, we no longer reuse package names, ever, for any reason. If you wanted it, you should have registered it. And finally, under no circumstances, period, may you ever reuse a version number. Ten years from now, package foo-1.2.3 will be bytewise identical to the one we issued last week. We guarantee it."
Anything short of that is a joke to the rest of the industry. I'm not being idealistic or unrealistic, either: these are completely reasonable, common policies that pretty much literally every other package repo implements.
That's a great question. Probably not, but the Senate was originally a nod to slightly smaller states who didn't want to be ignored. However, the state population range at the time was much smaller: Virginia was about 12 times more populous than Delaware (which by land is 1/9th the size of Virginia, so their densities are very similar).
Today, California is 68 times more populous than Wyoming (but only 1.7 times bigger, which works out to CA being about 41 times more densely populated). There's absolutely no way that a Senate being crafted today would give Wyoming 68 times the proportional representation of California.
Similarly, it's insane that people in Wyoming have four times the electoral voting power as New Yorkers. "But Wyoming is so big on the map!" Sure, but it has about the population of Staten Island.
There is no justifiable reason why those one or two cities shouldn't have all the power if that's where all the people live.
I am American
No you're not. No one actually believes you.
I always thought the 25Mbps definition was too high as a "minimum definition."
It's too high as the definition of "minimum required for normal Internet use". It's definitely not too high as a definition of "fast Internet".