Npm is already broken beyond repair. It doesn't enforce anything, so the result is a total mess. It's the Wild West of Javascript development. Even if people are not interested now, they might be interested later when and if Deno gathers momentum and they become fed up with fighting the npm mess.
The last time I pointed this out, some npm dinosaur said npm allows publishing of any type of package so it cannot enforce a structure. Wow, really, that’s exactly what I’m saying. Whose fault is that? So the result is that nobody knows how to publish anything so npm is in shambles.
You can publish a package that has zero files in it, even if it mentions them in main/exports. That’s a very basic check they could do, but they don’t.
Ideally you wouldn’t be able to publish a type=module file that contains “require”, but if npm doesn’t even want to validate the existence of the file, we can never get to how to validate anything else.
At the very least warn the user that they’re publishing a broken package, but still allow it if you must.
Is JSR or any other package manager any better? Do pip, cargo, creates, go package manager, gems, nuget, etc enforce anything? AFAIK they are all exactly the same. Any person with any level of experience and any API design can publish a package.
Pip and gem don't install multiple versions of the same package in deps folders like npm. You need to pin your versions. Installing a package does not normally trigger a neverending cascade of dependencies like it does with npm, cargo or go.
Npm is worse in every way because it doesn't even enforce documentation be shipped with the package nor does it provide easy means to do so like Perl pods or Python docstrings or docs. The result is that most modules do not come with any docs or if they do, each and every one uses its own structure and tools contributing to the general mess.
I wish they never allowed package to be published as ESM only which makes them unusable for many nodejs users. But I feel it's more a JS ecosystem issue, than an NPM issue.
