Message from JavaScript discussions

November 2017

— The whole versioning of the project is 100% out of control as soon as it is tied to NPM... no bueno


I think they could be a lot stricter in the public registry though, for instance:
* Never allow side-effects when a library is require'd
* Have a self-semver-analysis by checking the exports of each library in a sandbox

— I guess the second one would be hard

— Heh, stuff like that should be in the person's testing itself

— Yep, but would be nice to have it enforced by the registry

— So that your module can get rejected

— Anyways, the solution for versioning, for a lot of people, is to have two version numbers... an NPM version and a project version. But then that's just even more confusing

— Would be like the Apple app store haha

— Maybe that would be good for a specific part of the registry, like instead of rejecting it, put it somewhere else

— Have a "Trusted Modules" section

— Yeah

— That would be great