
> Isn't adding another potentially unknown maintainer generally better for the community than a project dying?

No, not if the project becomes malicious. I'd rather it died and I switched to an alternative I can trust.




Maybe a compromise would be some sort of obvious notification (via the website and also via the npm cmdline software) if a maintainer changed.
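
One way to approximate the notification suggested in the comment above is to diff registry metadata between releases. This is an added example, not part of the thread and not npm's own code: it compares the `maintainers` and `_npmUser` fields across the versions of an npm packument, and the package and account names in the sample are constructed.

```javascript
// Constructed sample packument, trimmed to the fields this check reads.
const samplePackument = {
  name: "example-pkg", // hypothetical package name
  time: {
    "1.0.0": "2017-01-10T00:00:00.000Z",
    "1.0.1": "2017-06-02T00:00:00.000Z",
    "1.1.0": "2018-09-09T00:00:00.000Z",
  },
  versions: {
    "1.0.0": { maintainers: [{ name: "alice" }], _npmUser: { name: "alice" } },
    "1.0.1": { maintainers: [{ name: "alice" }], _npmUser: { name: "alice" } },
    "1.1.0": { maintainers: [{ name: "alice" }, { name: "bob" }], _npmUser: { name: "bob" } },
  },
};

// Walk versions in publish order and report every release where the
// maintainer set changed or a never-before-seen account did the publish.
function maintainerChanges(packument) {
  const publishedAt = (v) => Date.parse((packument.time || {})[v]) || 0;
  const versions = Object.keys(packument.versions).sort((a, b) => publishedAt(a) - publishedAt(b));
  const changes = [];
  const seenPublishers = new Set();
  let prev = null;
  for (const v of versions) {
    const meta = packument.versions[v];
    const names = new Set((meta.maintainers || []).map((m) => m.name));
    const publisher = meta._npmUser ? meta._npmUser.name : null;
    if (prev) {
      const added = [...names].filter((n) => !prev.has(n)).sort();
      const removed = [...prev].filter((n) => !names.has(n)).sort();
      // A first-time publisher is worth a notice even if the list is unchanged.
      const newPublisher = publisher !== null && !seenPublishers.has(publisher) ? publisher : null;
      if (added.length || removed.length || newPublisher) {
        changes.push({ version: v, added, removed, newPublisher });
      }
    }
    if (publisher !== null) seenPublishers.add(publisher);
    prev = names;
  }
  return changes;
}

console.log(JSON.stringify(maintainerChanges(samplePackument), null, 2));
```

Run against the metadata for each dependency before an upgrade, a non-empty result is the point at which a human should look at who now controls the package.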



