*while npm install scrolls by on my terminal*
incorporating code into my codebase? without reviewing it? that's irresponsible
i'm phrasing this in a silly way because my brain is terminally online
of course, *some people* have been talking about stuff like supply chain security a ton
i'm just trying to like, re-evaluate things and how i think about them. i review prs before merging. how honest is that though?
for a profession that talks endlessly about how cargo culting is bad, we sure do cargo cult a lot
re-evaluating things is a big theme for 2026.
what are we *actually* doing here? what practices can we verify are *actually* helping us write better software? what is "better software" anyway?
Feb 4, 2026 20:48
lot of people are going to gain a lot of leverage by taking a very frank and honest look about what practices they're doing, and why, and discarding some that don't serve them anymore.
some are gonna try this, discard the wrong ones, and crash and burn.
the trick is, which are which?
Running things in containers etc. will hopefully become defaults. npm is plain dangerous.