Hacker News

_sinelaw_ yesterday at 6:55 PM

That (security) is something I also worry about. I'd like to get off npm if only for this reason. It's a hack to get started.

The other thing it gives you is the ability to easily upgrade and uninstall, so just a script to copy stuff is not on par.


Replies

ljm yesterday at 7:26 PM

Thing is… who is regularly running `npm update` or `cargo update` to keep local software up to date?

I wouldn’t, because I might be in a repo and it starts upgrading all my local dependencies, and I’m not gonna add a text editor as a dev dependency. I’ll happily take the binary, or a tar.gz with the binary in it, though.

(Btw I love how it’s following the old DOS aesthetic)
