This seem quite counter intuitive and to be bloating the project: i’m trying to install tsdoc linter, but npm adds like other 50 packages alongside with it, is this the expected behaviour? Why is it so?
A project that could easily be 5MB ends up being like 60MB
I remember reading about this years ago, even affected internal Facebook dev team when it happened.
The dev was (rightfully) angry at NPM about another project and asked NPM to delist all of them. For some reason NPM at the time allowed this. I think they just had never thought about the problems it could cause before. Deployments to package managers, especially open source deployments with irrevocable licences, shouldn’t be allowed to be removed. Doubly so once they’re depended on. NPM’s policy changed and is now more in line with that.
It affected pretty much everyone because some very popular frameworks at the time pulled left pad in transitively through other modules. Then because those popular frameworks did and most everyone was using those frameworks it broke pretty much everyone.