no_wizard's comments

> probably 90%+ of npm packages could probably go

I feel npm gets held to an unreasonable standard. The fact is tons of beginners across the world publish packages to it. Some projects publish lots of packages to it that only make sense for those projects but are public anyway, then you have the bulwark packages that most orgs use.

It is unfair to me that it’s always held as the “problematic registry”. When you have a single registry for the most popular language and arguably most used language in the world you’re gonna see massive volume of all kinds of packages, it doesn’t mean 90% of npm is useless.

FWIW I find most pypi packages worthless and fairly low quality but no one seems to want to bring that up all the time.


I think you are completely oblivious to the problems plaguing the NPM ecosystem. When you start a typical frontend project using modern technology, you will introduce hundreds, if not thousands of small packages. These packages get new security holes daily, are often maintained by single people, are subject to being removed, to supply chain attacks, download random crap from github, etc. Each of them should ideally be approved and monitored for changes, uploaded to the company repo to avoid build problems when it gets taken down, etc.

Compare this to the Java ecosystem where a typical project will get an order of magnitude fewer packages, from vendors you can mostly trust.


If these packages get security holes daily, they probably cannot "just go" as the parent comment suggested (except in the case of a hostile takeover). If they have significant holes, then they must be significant code. Trivial code can just go, but doesn't have any significant quality issues either.


I'm not, in the least. I'm aware of the supply chain issues and CVEs etc.

One thing I want to separate here is number of packages is not a quality metric. For instance, a core vue project on the surface may have many different sub dependencies, however those dependencies are sub packages of the main packages.

I realize projects can go overboard with dependencies but it's not in and of itself an issue. Like anything, it's all about trade offs and setting good practices.

It's not like Java as an ecosystem has been immune either. The `Log4Shell` vulnerability was a huge mess.

My point isn't to bash the Java ecosystem, but nothing is immune to these issues and frequency is a fallacious reason to spread FUD around an ecosystem because it lacks context.


It's a matter of community culture. In the Node.js ecosystem, all those tiny packages are actually getting widely used, to the extent that it's hard to draw a line between them and well-established packages (esp. when the latter start taking them as dependencies!). Python has been npm'ified for a while now but people are still generally more suspicious of packages like that.


On the pricing bit, I have to say edge driven SQLite/libsql driven solutions (this is a lot of them) can be a mixed bag.

Cloudflare, Fly.io litestream offerings and Turso are pretty reasonably priced, given the global coverage.

AWS with Aurora is more expensive for sure and isn’t edge located if I recall correctly, so you don’t get near instant propagation of changes on the edge.

The bigger thing for me is how much control you have. So far with these edge database providers you don’t have a ton of say in how things are structured. To use them optimally, I have found it works best if you are doing database-per-tenant (or customer) scenarios or using it as a read / write cache that gets exfiltrated asynchronously.

And that is where I believe the real cost factors come into play is the flexibility.


Edge computing. Cloudflare workers for example.

Bunny has a similar concept: https://bunny.net/edge-scripting/


Location: Portland, OR USA

Remote: Yes

Willing to relocate: Yes

Technologies: C#, TypeScript, JavaScript, HTML, CSS, Playwright, Node.js, Express, Vite, Webpack, Astro, Hono, rspack, React, React Native, Vue, NativeScript, Next.js, Module Federation, Micro Frontends, AWS, GCP, Docker, GitHub Actions integrations, LLM Integrations: OpenAI, Gemini, Custom MCP servers, Agentic workflows, Generative AI, AI Tools: Claude, Cursor, Copilot

Résumé/CV: https://www.linkedin.com/in/scott-vanderbeek

Email: scott@theawesomescott.com

Over a decade of experience in Senior and Staff engineering roles building scalable systems and user interfaces. I have extensive background working cross functionally in an organization to create and steward technical roadmaps, meet business objectives and keep teams from hitting technical roadblocks. I help build teams up sustainably and have extensive experience in technical leadership and mentoring peers.

My background for the last 4 years in particular has been on scaling a business, with a general focus on the user experience and technical stability. Taking a product or suite of products from 400 to 40,000 active users without losing control of performance and keeping the user experience approachable is where I shine best. This means addressing performance impacting hot spots, adoption of new tools or improving existing ones, proper A/B testing, gathering user experience data to identify pain points and most importantly empowering teams to move fast sustainably through best practice.


The bigger problem is the experience. There are some integrations you simply can't do that Apple and Google, as their respective owners of the platforms, can. Full device backups for instance.


It's $29.88/year. It is $4.99 a month, which if you pay by the month would be $60, but if you're going for a year, I don't see why you wouldn't take the 50% discount.


Five years ago, I paid a flat $45 fee for Cold Turkey, software which does the same thing on Windows and Mac which doesn't require I chip in for no additional work on the developer's part; it is completed software that runs on my own machine, just like Kiki.

Sure, diming $30/year is a 'better deal' than nickeling $5/month, but this is not the sort of 'deal' which this software warrants. This is not a service product, and pricing it like one is silly.


I don't think the sell through of Android phones to the wealthiest has been all that high. Celebs, top business execs, even heads of nation states are most often seen with Apple devices in their hands.

I'm sure not in every case, but even as far back as 2018 the trend line of wealth and iPhone ownership was high. Even today most app store developers admit that iPhone users tend to have more disposable income by a good margin.

Really, when I do a cursory google search of wealthy public figures that include them holding their devices, what I can find is they're clearly holding iPhones most of the time.


I didn't say anything about wealth and Android usage. Different use cases.

I did mention wealth and iPhone usage. An insecure teen, mom, or middle income person needs an iPhone for status.


Epic is hardly a puppy. Scale isn't the only determining factor in how to view these actions by companies.

Ironically, the tech industry at large went after Lina Khan even though she was instrumental in moving forward with taking on tech industry monopolies[0] even though they themselves have complained about the App Store for years[1] because monopoly enforcement also included shutting down anticompetitive mergers like the Figma buyout.

Selective enforcement is how we got here in the first place.

This is why the tech industry writ large did a 180 on Trump and helped to get him elected. Apparently monopolies are good if it means payouts for investors. Despite the fact they'd stand to make more in a highly competitive marketplace, not less, as has been shown throughout history.

[0]: https://www.businessinsider.com/real-reason-silicon-valley-h...

[1]: https://techcrunch.com/2025/08/22/y-combinator-says-apples-a...


They aren't because companies refuse to price discriminate. There are some exceptions, like Spotify where they called it out in a public space that the in app subscriptions were more than if you bought directly.

However, I have noticed that it's very rare. In every other case I've looked into, from Omni apps to streaming apps like Netflix, I'm paying the same either way, and often with a more convenient way of managing the subscription.

Thereby, I think it goes undetected by most, because price comparing the app store to the non app store price will yield the same price most of the time. Though importantly, I have noticed, it is not always the same options. For example, regarding Netflix, I am paying the same price for my sub via Apple but new and returning customers can no longer pay for it this way, they must go to the website now. I also can't add additional members (effectively discounted second subs) either.

This has to do with the fact Apple did capitulate to allowing companies to link to their own subscription pages and actually allow customers to be directed in that way with clearer and transparent language. However, I have noticed most apps with the exception of large streaming platforms have done away completely with in app subscriptions, and the prices are still the same whether it's the web or via in app purchases on Apple's platform.

However, Google Play is no better in this regard. Even though they allow 3rd party payment processing as an alternative to using Google's payment processing, it has not led to apps being cheaper on their platform, in the majority of cases. Which makes me wonder if the value is still there for a 1st party payment processor, or something else.


According to the docs, .NET 10 has hot reload via the cli, unless I'm misunderstanding something: https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-w...

