Golang vs Node Packages
package.json, even Ryan Dahl creator of node says he [regrets it]dahl
slides. While it might look like a convenient way to work in node projects at
first, soon you might hit some issues like:
Node scripts, they seem convenient at first, but you can’t really put comments there or multiline scripts. In the end, there are far better tools for that,
make(add link) would be one of them.
A lot of noise, things that are npm specific.
Tool configurations create even more noise. Most popular tools allow to include their configurations in the
package.jsonwhat can create even more noise.
Repository is not a source of truth
Some time ago David Gilbertson posted and [article]npm hacking about how it is possible to add malicious code to npm package in a way that would be really hard to find by just scanning.
This article shows one of the biggest weaknesses of npm and centralized
registry. The source in the repository is not the same code in the registry and
even the code in
node_modules can be transpired and mangled quite often.
I have way much less experience in golang, but after working with it for a bit anyone would see that the ecosystem is way more pragmatic. Some of the benefits:
- Golang src is the source of the library which you can inspect.
- No dependency on external URL once it’s there. It’s just stored in your
- There is a mentality of copy and paste in golang which is good. If you need a single function it might be easier that way
- Dependencies are resolved and put into module file if you are using golang modules, rather than doing it by hand.
- no tools neede for monorepos, you can just point to the repositories folders.
One of the biggest complaints about golang packaging was the
but that it’s finally solved with golang modules.