A Better Future for Javascript That Won't Happen

Posted4 months agoActive4 months ago

ingve

20 points

4 comments

drewdevault.comTechstory

calmnegative

Debate

20/100

JavascriptDependency ManagementSoftware Standards

Key topics

Javascript

Dependency Management

Software Standards

The article discusses the challenges of creating a standardized library for JavaScript and the potential consequences of not addressing its broken dependency management model, with commenters weighing in on the difficulties and potential solutions.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

11m

Peak period

2-3h

Avg / period

1.3

Key moments

01Story posted
Sep 17, 2025 at 5:46 AM EDT
4 months ago
Step 01
02First comment
Sep 17, 2025 at 5:57 AM EDT
11m after posting
Step 02
03Peak activity
2 comments in 2-3h
Hottest window of the conversation
Step 03
04Latest activity
Sep 17, 2025 at 8:14 AM EDT
4 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (4 comments)

Showing 4 comments

giveita

4 months ago

2 replies

It is a lot of work to make a web standardised standard library for JS. Probably years of work. Any decision is set in stone. You cant pull python 2 to 3 or the various .NETs for open standards the world relies on. It is a hard problem. Worth starting on maybe but wont be ready for a long while.

palmfacehn

4 months ago

Google could force a standard lib by including it with Chrome. This would solve part of the issue. JS as a language would still have significant warts.

conartist6

4 months ago

I've tried making the suggestion of a standard library several times and I would consider the reaction from the standards body to be "hostile," but then again I lost a lot of faith in TC39 when I took over the future of JavaScript's core infrastructure and they didn't lift a finger to encourage me or stop me or guide me. I don't think they have even noticed at all. Given that they simply won't engage with the biggest problems facing their community, it sure feels like they are passing the wheel to me to steer the ship.

pjmlp

4 months ago

> Maybe other languages that depend on this broken dependency management model, like Cargo, PyPI, RubyGems, and many more, are watching this incident and know that the very same crisis looms in their future. Maybe they will change course, too, before the inevitable.

Unfortunely no, that is why SBOM (Software Bill Of Materials), and only allowing vetted software packages on in-house CI/CD is such a thing on many companies.

Unfortunely not yet spread wide enough, and anyway doesn't do anything for everyone else doing software outside big corporation virtual wall.

Most developers are too trigger happy to add software dependencies without thinking twice about them.

View full discussion on Hacker News

ID: 45273755Type: storyLast synced: 11/20/2025, 6:33:43 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN