Deno, itself, doesn't need a package manager, but the JavaScript community benefits greatly by having a community-driven effort to curate and do security audits on packages. Also, it is ideal to only have links to a few known domains for routing/firewall whitelisting, rather than many independent repositories.
In the future, it is possible that package validation services from GitHub and GitLab could be a replacement for NPM/Yarn. Personally, I feel that NPM/Yarn are so integral to the Node JS experience that Deno will, eventually, need to match them to promote adoption.
I agree, but although companies like npm / yarn review the packages, it does not mean that they are safe. Cases like Event-Stream demonstrate that malicious code can be injected. The community is very attentive and detects this type of insertion, but it is a much bigger problem that does not depend on the execution environment, but on how we depend on third-party software.