Honestly I don't hate the language itself that much (I'm just learning it though so who knows) but developing with it fucking sucks. First npm installs a thousand dependencies, then you have to use it to install an entirely different package manager (yarn) and hope it works.

If you're using npm, you install a package or two that you're working with and get 10+ vulnerabilities. It tells you to run "npm audit fix" so you do it, but it just lists the vulnerabilities again and tells you to run "npm audit fix", so apparently you're just stuck with those.

Then you try running your react app and it crashes with an error about failing to stat a random file in your home directory. It turns out that you mistyped an import, and instead of giving an error about that it recursively backs up and checks every single file to see if it's the one it's looking for. Cool.

  • ComradeBongwater [he/him]
    ·
    3 years ago

    It's not inherently a problem, but many tiny packages suggests many different repo owners, leading to more vectors for nefarious actors to bone you upstream.