What an arrogant presentation...

1) “npm is the best at x, y, z” with no data to back the assertion or attempt to address the many counter arguments

2) we just released a bunch of brand new security code! So it must be secure!

3) everyone is using npm, that must mean it’s the best, and not that technical debt is forcing the choice on everyone

4) everybody in the audience stand up and sit down when I say

Jeez
After the Nth time in which npm failed to install correctly (incorrect package resolution and even an occasional stack overflow exception) we moved to yarn and never looked back.

It's amazing to me that npm, which has been around for quite a while, still manages to be so broken. I normally try to give developers the benefit of the doubt, but I really believe the frontend world is worse off because of npm.
NPM and Yarn have made a nightmare out of our project. We have 50 direct dependencies. The lockfiles only lock your direct dependencies, any transitive ones can change at any moment, making our CI builds fail when something works locally. And they don't actually check integrity -- that v1.5.0 of ABC is the same as v1.5.0 from a month ago.

I saw Yarn added last month a hash of the (hopefully) source of the dependencies -- that's what we need.

Despite using lockfiles, some transitive dependency changed and we decided it was best to upgrade the direct dependency, requiring a big refactor. The alternative was to fork the library and maintain it ourselves -- which I am refusing to do from this point on. We have about 10 forked 3rd party libraries. No more.

I feel like I spend 30% of my time just trying to upgrade/maintain the current builds because some stupid loosely semver'd dependency changes, rather than writing new features.
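
Added example, not part of the comment above and not npm's or Yarn's own code: a Node.js check that the tarball bytes fetched for each locked package still match the `integrity` hash recorded for it, which covers the "same version number, different contents" case the comment raises. It assumes the package-lock.json `packages` layout with SRI strings; `auditLock`, the package names and the tarball contents are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Compute an SRI string ("<algo>-<base64 digest>") for raw tarball bytes.
function sri(bytes, algo = 'sha512') {
  return `${algo}-${nodeCrypto.createHash(algo).update(bytes).digest('base64')}`;
}

// True if the bytes match any hash in a space-separated integrity value.
// Only SHA-2 entries are accepted; a sha1-only value counts as a failure.
function matchesIntegrity(bytes, integrity) {
  if (typeof integrity !== 'string') return false;
  return integrity.trim().split(/\s+/).some((entry) => {
    const algo = entry.split('-', 1)[0];
    if (!['sha512', 'sha384', 'sha256'].includes(algo)) return false;
    const want = Buffer.from(entry);
    const got = Buffer.from(sri(bytes, algo));
    return want.length === got.length && nodeCrypto.timingSafeEqual(want, got);
  });
}

// Audit every locked package, direct or transitive, against fetched tarballs.
// `lock` is a parsed lockfile; `tarballs` maps lockfile path -> Buffer.
function auditLock(lock, tarballs) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry has no tarball
    if (!meta.integrity) findings.push({ path, problem: 'no-integrity' });
    else if (!tarballs.has(path)) findings.push({ path, problem: 'tarball-missing' });
    else if (!matchesIntegrity(tarballs.get(path), meta.integrity))
      findings.push({ path, problem: 'hash-mismatch' });
  }
  return findings;
}

// Constructed sample data: package names and contents are made up.
const good = Buffer.from('constructed tarball bytes for abc 1.5.0');
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app' },
  'node_modules/abc': { version: '1.5.0', integrity: sri(good) },
  'node_modules/abc-helper': { version: '2.0.1', integrity: sri(Buffer.from('helper')) },
  'node_modules/legacy': { version: '0.1.0' }, // entry with no hash recorded
} };
const sampleTarballs = new Map([
  ['node_modules/abc', good],
  // Same version number, different bytes: the republished-release case.
  ['node_modules/abc-helper', Buffer.from('helper, republished')],
  ['node_modules/legacy', Buffer.from('legacy')],
]);
console.log(auditLock(sampleLock, sampleTarballs));
```
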
The key things that got my team to switch to Yarn were (a) the lockfiles didn't keep changing formats when running installs and (b) workspaces for monorepos.
I'm a bit of an outsider looking in, being a manager that doesn't code much anymore, but why the dislike of TypeScript? I really don't see the downside. Transpiling doesn't make it 1:1 anymore but all devs seem to praise it.
"JavaScript is the most important programming language in the world."

Either that statement is false, in which case the JS community really is that insular and arrogant -- or it's true, which is probably even worse.

Either way, this assertion scares me.
It's this kind of Kool-aid swallowing of React that has kept me away from it. I don't care how great of a tool it is.

To paraphrase the last 8th of the presentation:

- Use React.

- If we all just use React, React will live *forever*.

- React is better because users.

So much of the rhetoric around React is disturbingly cultish.
JavaScript appears to have been primarily created to spy on users. I don't need every website to take over the presentation of content. Information shouldn't be coupled with design to limit choice. I'm ready for a new browser that uses a more modern markup format.