My problem with npm libraries






Let me be specific I like NPM its the best package manager of all time after Homebrew, but hate some of the hosted libraries.

Let's start off with:

  • Peer dependencies
    Have you used Github before and got one of these Dependabot alerts, that mention a package, which in this case is in Sanity's studio lib is vulnereable to XSS attacks, but when you try to update the said package with the peer dependency, it exits with the package is up-to-date. This is a common issue in most packages, and if you try to update the peer dependency it either breaks the lib using it or it doesn't even update, trust me I have tried a couple of times to update that lib 😡.