You're right, I was far too indignant. I can't say that I don't trust npm. I am a JavaScript developer, after all. For the most part, I have had a great experience working with Node.js and npm. Further, we were not affected by the bug at my company.
I hadn't seen seldo's apology when I posted, but they do seem very honestly apologetic. Like I said, I have nothing against them messing something up time and again, especially something that shouldn't break responsible production environments. Everybody makes mistakes.
The big red flag to me was the deletion of Rob's criticism. I know they must have been very stressed out, but it wasn't a good move. The industry needs to question if we can rely on these people, and kneejerk reactions like that don't earn any trust.
Nobody can deny that trustworthiness is a touchy subject as npm transitions into a real company. Node developers rely on the reliability of their development stack, and the reputation of node is largely in the hands of this organization. As npm changes and becomes more opaque, it will become harder for the open alternatives to keep up. If npm gets messed up, node does too. For developers working on production node projects, there is certainly something to lose. If the time comes that npm does need to be forked, the path forward will certainly be a bumpy one.
For the time being, I continue to trust npm for my js modules (and even with my "life", considering I have a few -g installed modules.) Like I said, developers working on node projects don't have much choice, but after reading their apologetic response I will continue to trust npm.