So I have a huge love/hate relationship with NPM. It is great in how easy it is to use. It makes it easy to see what is being installed along with the application you are installing. And a bunch more, but at this point those are a couple of the main positives. Yes, that was a short list, but whatever.
Now for something I HATE about NPM, or a couple of things. It is kind of slow. I know you can tweak it to not have a progress bar, which makes it quicker, but really, a progress bar slows down installing stuff that much? Seems like it should be a semi-easy fix, which, trust me, I bet it isn’t. And the other thing, which isn’t really a full rant at NPM but at all the applications using it (so anything Node): why are so many Node applications using old versions of software? One of the prime examples is Jade. Now, Jade is no longer called Jade (a legal issue, from what I remember); it is called Pug. There are many times that I go to install something and it still uses Jade, and I just don’t understand it. If anything, do small updates that take care of things like this. Applications that aren’t fully updated, or NPM modules for that matter, give me a sinking feeling. What features am I not getting, what bug fixes have there been, what security fixes have happened? These are all things I think about when I go to install something and NPM flat out tells me that it is using an old module.
Now, yes, I know PIP probably isn’t any better at this. Yet it seems that, because of the vastly expanding world of NodeJS and NPM, we are going to hit a point where it will come back and bite us. Some huge security flaw will be found, and tons of applications that never, or barely, update will in turn have security flaws. Maybe deep down I should try to update some of the modules using old stuff and try to get the changes added, but at this point I want to work on my own project first. Now, if the PIP/Python community is better at keeping this stuff up to date, I may be switching myself to Python.