Nicholas Zakas

They didn't need it.

Because at the time, I think it was just a few months earlier, they had actually announced their own NPM-compatible registry built into GitHub, which is still there, but doesn't seem like people use all that much, except maybe as private repos inside of companies.

So they didn't really need to buy NPM.

And I don't know who would have bought it otherwise.

But at the same time, it's like if you adopt a dog, you should take care of the dog.

Yeah.

Yeah, absolutely.

Right.

Well, so my counter to this argument, which I completely understand, is that all it takes is one attack that costs people millions of dollars in some way or costs a company millions of dollars.

before this becomes not just a like, oh yeah, hey, we're keeping it alive, but you know, like there's a responsibility because if you don't take care of that dog, it's gonna start biting everybody in the neighborhood.

And then you're looking at not just

Like, oh, this is, you know, it tarnishes our reputation, like it doesn't look good.

Now you're looking at like significant financial repercussions.

And, you know, I'm sure there's stuff in the terms of service that says that they can't be sued.

That's what I was going to ask.

But, you know, there still might be some big company out there that's like, hey, you know what?

We're just going to try it because we're a multi-billion dollar company and we have the money to throw at lawyers.

And why not?

We'll give it a shot and see what happens.

But this has been my concern for several years now is that