Nicholas Zakas
Because I have talked with folks who work on NPM.
They're really dedicated.
They're really smart.
And the sense that I always get is just like, there's a really big backlog.
There's not enough people to work on it.
And so the stuff just kind of sits until there's an emergency.
And my read on the response last year was,
And I have no inside knowledge of this at all.
This is just my interpretation of what I was seeing, was that the things that they were rolling out were things that were probably already on their roadmap and just needed a little push.
And this was the push of like, you know, running it up the chain and just saying, hey, these like three things we've been trying to get through for the past nine months, like this would actually really help with these attacks.
So can we prioritize and resource these?
And that's why we got those.
Again, just my theory, but it just, it seems like, and I gave this feedback directly to them too, that I just feel like all of this is attacking the problem from the wrong end at this point.
Yeah, and I think that's exactly the problem, is that the NPM registry is a huge cost sink.
It is wildly expensive to run, requires a ton of bandwidth.
All kinds of companies are relying on it every day, running in their CI.
And when the NPM company, NPM Inc., was running, they needed to sell because they couldn't afford to run the registry anymore.
And it really was GitHub being like, hey, we are a haven for JavaScript developers.
They didn't have to do that.