& a lot of those dependencies come with nice security holes that may or may not be found and may or may not force you to upgrade to a new version that is now incompatible with some other package that is dependent on it and there may be no way to know until it crashes since JavaScript won't tell you about changes to any prototype definition!
Node is great for spinning up quick and dirty apps or microservices that are never going to be exposed to the public internet but, it's a joke for anything serious that's going to allow hackers to hammer on it 24/7. There's a reason why most backend languages are statically typed, or require you to follow very strict coding standards for not changing interfaces that you have no control over in someone else's package. TypeScript helps but it's like putting a band aid on an arterial wound.
& a lot of those dependencies come with nice security holes that may or may not be found and may or may not force you to upgrade to a new version that is now incompatible with some other package that is dependent on it and there may be no way to know until it crashes since JavaScript won't tell you about changes to any prototype definition!
Node is great for spinning up quick and dirty apps or microservices that are never going to be exposed to the public internet but, it's a joke for anything serious that's going to allow hackers to hammer on it 24/7. There's a reason why most backend languages are statically typed, or require you to follow very strict coding standards for not changing interfaces that you have no control over in someone else's package. TypeScript helps but it's like putting a band aid on an arterial wound.
I've seen that happening far too many times and I've only joined the JavaScript bandwagon about 3 years ago...