I feel like the development and deployment issues mentioned are more endemic to webdev (or maybe webdev+javascript) than NPM, if it's even useful to separate "code" and "culture" in the way the article attempts to. Developers will be pulling and deploying to production regardless of the package manager being used. But if they don't, the package manager destroying their test servers is still something that should never happen.

But... clearly NPM's real problem is the code.

> Still, others point out that the npm blog announcing 5.7.0 certainly reads like an official release announcement.

Ok, granted, this much is true. But so far as I know, you'd have to be using npm@next to have gotten 5.7.0, not just the regular npm package. I'll fully agree that npm should not have introduced a bug like this, but how great of an idea is it to run bleeding edge versions in production?

running npm as sudo seems to be the real problem here. why is the article not talking about this?

sudo never did seem like it added much other than opportunity for mischief like this to occur.

Wow, I love going to a website and immediately being presented with an autoplaying video playing techno music.

Weird, no autoplaying video for me ‍️

Auto-played for me, too.

A/B testing ?