I wonder what the various measures are to improve the security.
If their measures are effective this could lead to a snowball effect where more and more untrusted packages would vanish from the current dependency jungle.
Ok, I confess, I'm not an npm user. If the answer to my question is obvious to npm users then please feel free yo ignore this.
I've read the article twice now though, and I don't understand the pain that jsr is out to solve. I read about design goals, how npm is old, and so on. And a list of features. But I'm not really seeing the "pain" - or perhaps its simply taken for granted.
I feel this is a common theme when programmers build things. See how many features we have. See its all nice and shiny. And that's great, but you haven't hooked me.
On the other hand when someone pitches paid, and i identify with that pain, its easy to get on board.
For example, Web Server certificates cost money, you have to manually waste time getting them every year. Getting them is jumping through hoops like a trained seal.
LetsEncrypt is a free, automated system that just works after a one-time configuration.
This is an easy sell (to me) because you've identified my pain and offered a solution.
In the JSR case its a good description of the solution, but I'm not yet feeling what the pain is.
6 comments
[ 3.5 ms ] story [ 23.2 ms ] threadIf their measures are effective this could lead to a snowball effect where more and more untrusted packages would vanish from the current dependency jungle.
This is a great opportunity.
I've read the article twice now though, and I don't understand the pain that jsr is out to solve. I read about design goals, how npm is old, and so on. And a list of features. But I'm not really seeing the "pain" - or perhaps its simply taken for granted.
I feel this is a common theme when programmers build things. See how many features we have. See its all nice and shiny. And that's great, but you haven't hooked me.
On the other hand when someone pitches paid, and i identify with that pain, its easy to get on board.
For example, Web Server certificates cost money, you have to manually waste time getting them every year. Getting them is jumping through hoops like a trained seal.
LetsEncrypt is a free, automated system that just works after a one-time configuration.
This is an easy sell (to me) because you've identified my pain and offered a solution.
In the JSR case its a good description of the solution, but I'm not yet feeling what the pain is.
Seems like a new registry with a few cool new features. Which is nice, but not something revolutionary. It’s just npm with some sugar on top.