What's funnier to me is none of them seem to want to abandon npm which keeps getting exploited and hacked. NPM has been the source of just how many industry wide hacks? Three major ones, and a massive supply-chain industry wide campaign against npm. But yeah, bun is the real concern here.

I think we need to smell the coffee and review npm and scrutinize it because it is getting dangerously out of hand.

Time will tell. I predict this is just the same 20 year pattern of: people on the internet are irate about $latest_thing, and everyone will move on to some other hot topic.

Trivia: The term is "bellwether," i.e. a wether (castrated sheep) wearing a bell, used to guide the flock.

People are going to be using a lot less software if the selection criteria include not being no agents.

I wonder how many "behind the curve/not super modern" corporations were using Bun or Deno to begin with.

Part of me thinks it's a mild overreaction. It's not like people audit every line of kernel/driver/BIOS/EFI code before running Linux? As long as the tests pass and the performance doesn't regress and it's secure... why are people so mad that it was vibe coded? Is it because it was an irresponsible thing to do? Maybe?

I don't know, I see both sides.

[dead]