Another one-line npm package breaks the JavaScript ecosystem

A simple and popular package aspired to meet some new specification: it was updated and annotated accordingly. It didn’t meet the specification, so this change broke many downstream projects and disrupted many operations.

It feels to me like the idea of configuration management is the one that’s missing here.

See also the discussion on HN.

For the previous case, the left-pad library, see also this previous topic:
"I would never have thought you could trust a random unauthenticated person on the

via mastodon