
His explanation on Reddit:

"The way I learned how to program was by publishing one project a day that used a specific language feature I was trying to learn. No one even looked at my projects or used them until I had quite a few published. I didn't even want people to use them at that point, since I had no idea what I was doing. Then one day I realized that people were actually using some of the things I published as a learning exercise, and I started going back and fixing and improving that code. Rinse and repeat. That's pretty much all I did.

Why is the default for people to assume the worst all the time? It's depressing as hell."

If true, it's kind of sad so many people badmouth him.



Maybe a public common repository shouldn't be used as a dumping ground for every random guy learning how to make their first script. It's a bit like learning to drive by going to a public highway and just starting to drive in random directions and then saying "why are you folks screaming? I'm just learning, it's depressing you always assume the worst!"


Ever publish a Java project to Maven Central? It's a massive pain, but it also acts as a bar to make sure you're publishing something of value you think others might use.


Unlike a public highway, you can't actually harm anyone by publishing to a public repository. The code is just there; you can ignore it if you prefer (you can't ignore a swerving car on a highway).

What's actually harmful is the blind trust most developers have on adding dependencies without proper vetting. But if someone publishes a package they are not responsible for vetting it for inclusion in your project. So shifting blame to the library author gets responsibilities backwards.

Perhaps you would prefer a curated package registry, but in this case you would need actual curators. Something like Debian has maintainers, but doesn't have every library in existence (and what it has is often outdated anyway). Npm and other language registries aren't curated, by design. You could create a curated registry on top of npm but, again, you need curators.


By publishing one single script - not likely. By publishing 1000 scripts - yes, you can, by polluting the public space and making it so much harder to find real supported code that can be relied upon. It's like throwing garbage on the street. One can won't do much, do it many times - and your neighborhood is a dump.

Same argument as with spam. Sending an email is not a crime, and sending an email to somebody you didn't know to ask them maybe they want to do business with you is not that bad. Do it a couple of million times, and it breaks the whole system.

> What's actually harmful is the blind trust most developers have on adding dependencies without proper vetting.

Now comes the victim blaming. Nope, the fact that people should verify stuff does not absolve the guilt of those who put garbage into the public space. On the contrary, they are making the problem so much worse. And yes, there are means to deal with the problem, but again "you can clean up" is not an argument that absolves the guilt of somebody who throws trash around. They are doing a bad thing, and should feel bad about it.


I have nothing against them as a person - I don't know them at all. However, the ANSI colours one is blatant package-downloads optimisation. In fact, the READMEs were clearly copied and pasted,

> The color reset, in ansi. [1]

> The color strikethrough, in ansi. [2]

etc.

Which don't really make any sense.

[1] https://github.com/jonschlinkert/ansi-reset

[2] https://github.com/jonschlinkert/ansi-strikethrough


It sounds like he's just making excuses. If he really thought his contributions were just for learning, he wouldn't be bragging in his bio that he's "created more than 1,000 open source projects". That's like saying "I've written more than a million lines of code" because I copy-pasted one line of code a million times in college.


> I hope he didn't brag about "more than 1,000 open source projects." That number's so large it's a red flag that he's never built anything complex.


It kind of stretches credulity for him to say these are just test projects that he doesn’t want people to use when his profile is bragging about having 1000 open source projects.


Exactly. I almost believed it until I saw shameless self-promotion and soliciting donations under it. I mean I have nothing against people getting paid for their work, especially open-source developers, but you can't both claim you were just learning and didn't expect anything, and use that to brag and solicit donations.


Agree. And also when you publish something on NPM you could expect someone to download it and you would need to maintain it. You cannot say later "Ohh I didn't know or I had no idea".



