When "Everything" Becomes Too Much: The npm Package Chaos of 2024 - eviltoast
    • azertyfun@sh.itjust.works
      9 months ago

      It’s saner, not perfect. With virtualenvs it does basically what you describe except that it re-downloads everything for every virtualenv, but that does not typically matter much since it’s not downloading a billion dependencies.

      With NPM there’s no choice but to have hundreds of duplicates installed for every project. That’s not just inefficient but it is a security, maintainability, and auditability nightmare.