> Most people aren't using is-even or is-odd directly. They imported some other packages that are quite useful, but often need 10-20 sub-dependencies.
IMO, that's even worse, because that means that a lot of people are using stupid and vulnerable packages without knowing it.
I wish there was some sort of better control over the NPM directory, where someone could block/downvote (or whatever) packages that don't deserve to live. How this would - or should - work in practice, I have no idea, but it's just getting scarier by the day to import a package in your application.
What if we focused on fixing all the problems, and not just retreating, thinking that "we can't solve this problem, because there are so many other problems related to it"?
Your thinking is literally the definition of the problem.