1. 6
  1.  

  2. 11

    I am genuinely surprised that PyPI allows package deletion. I thought after left-pad, everyone just kinda said “yeah, we shouldn’t allow that anymore” and disabled package deletion. npm certainly did. Rust/Cargo’s crates.io has similar policies. This is an accident waiting to happen.

    1. 7

      I also assumed it wasn’t possible, but after one package I was using disappeared, I had to go verify and in fact the option to delete the package is there. A big red alert is shown mentioning that other people will be able use that package name after deletion, but the owner can proceed with the deletion if he really wants to.

      This is an accident waiting to happen.

      I share the same opinion.

    2. 4

      It is not really accurate to call it “left-pad incident” it is a fiasco. Not an incident. Incident implies a unpredictable and unexpected error. Anyone looking at the dependency tree of most JavaScript projects and not expecting exactly what happenned had some really weird beliefs.

      The week before the whole left pad fiasco, a coworker of mine age 50+ had his first exposure to JavaScript. His reaction was disbelief. His words were: “you have to download the internet because of some dependency, one of these days, somebody will delete a popular module and everything will break”. The obvious turned out to be true… Obviously.