I mean realistically it's representative of the Internet as a whole. Makes me wonder where all the porn packages are.
The pulling in of unexpected dependent packages is a real issue though, how do other ecosystems deal with it? NPM is really missing some level of trust beyond just using "brand name" packages.
My general judgement is usually how often it's worked on/how many downloads it has but gut feel isn't really enough, is it?
The pulling in of unexpected dependent packages is a real issue though, how do other ecosystems deal with it? NPM is really missing some level of trust beyond just using "brand name" packages.
My general judgement is usually how often it's worked on/how many downloads it has but gut feel isn't really enough, is it?