Message from JavaScript discussions
November 2017
— The whole versioning of the project is 100% out of control as soon as it is tied to NPM... no bueno
I think they could be a lot stricter in the public registry though, for instance:
* Never allow side-effects when a library is require'd
* Have a self-semver-analysis by checking the exports of each library in a sandbox
— I guess the second one would be hard
— Heh, stuff like that should be in the person's testing itself
— Yep, but would be nice to have it enforced by the registry
— So that your module can get rejected
— Anyways, the solution for versioning, for a lot of people, is to have two version numbers... an NPM version and a project version. But then that's just even more confusing
— Would be like the Apple app store haha
— Maybe that would be good for a specific part of the registry, like instead of rejecting it, put it somewhere else
— Have a "Trusted Modules" section
— Yeah
— That would be great