discussions VS Babel (Formerly 6to5)

The question in that thread, and this later thread,[1] is how to know which keys are valid to sign a package.

For example: I go to release a new version and I've lost my private key, so I roll a new one -- this will happen often across npm's 1.3 million packages. Do I then ... log in with my email and update the private key on my account and go about my business? What process does npm use to make sure my new key is valid? Can a person with control over my email address fake that process? How are key rotations communicated to people updating packages -- as an almost-always-false-positive red flag, or not at all, or some useful amount in between? If you don't get this part of the design right -- and no one suggests how to in those threads -- then you're just doing hashes with worse UX. And the more you look at it, the more you might start to think (as the npm devs seem to) that npm account security is the linchpin of the whole thing rather than signing.

It's not just npm; that thread includes a PyPI core dev chipping in with the same view: "Lots of language repositories have implemented (a) [signing] and punted on (b) and (c) [some way to know which keys to trust] and essentially gained nothing. It's my belief that if npm does (a) without a solution for (b) and (c) they'll have gained nothing as well." It also has a link from a Homebrew issue thread deciding not to do signatures for the same reason -- they'd convey a false expectation without a solution for key verification.[2]

[1] https://github.com/node-forward/discussions/issues/29

GitHub | Website

node 'node_modules/.bin/jest' '/Users/satparkash/code/test-app/src/A pp.test.tsx' -t 'App' FAIL src/App.test.tsx ● Test suite failed to run SyntaxError: /Users/satparkash/code/test-app/src/App.test.tsx: Support for the experimental syntax 'jsx' isn't currently enabled (6:12): 4 | describe('App', () => { 5 | it('should work as expected', () => { > 6 | render(); | ^ 7 | }); 8 | }); 9 | Add @babel/preset-react (https://github.com/babel/babel/tree/main/packages/babel-preset-react) to the 'presets' section of your Babel config to enable transformation. If you want to leave it as-is, add @babel/plugin-syntax-jsx (https://github.com/babel/babel/tree/main/packages/babel-plugin-syntax-jsx) to the 'plugins' section to enable parsing. Test Suites: 1 failed, 1 total Tests: 0 total Snapshots: 0 total Time: 0.278 s Ran all test suites matching /\/Users\/satparkash\/code\/test-app\/src\/App.test.tsx/i with tests matching "App".

Webpack (Babel) - https://babel.dev/

I do appreciate your transparency, though I disagree with the sentiment that I’m arguing from a position of bad faith.

It’s a self-evident fact that the Babel team has not shown a moment of interest in lowering their role in the JavaScript ecosystem to anything short of kingmakers. Have a gander at their GitHub README and what do we see?[1]

- “Babel is a compiler for writing next generation JavaScript.” Indefinitely.

- Over a dozen sponsor logos. An embarrassment of riches.

- A literal audio recording of a song in praise of the project.

The Babel team has a well documented history of their priorities[2], emphasizing the need for a modular approach that has no exit strategy[3]. At best, we have a case of accidental entrenchment and long term dependence on the Babel brewing as early as 2017![4]

Compare this infinite circus to the humble but popular Normalize.css, which has the express purpose to stop existing.[5]

If the Babel team wants to raise some money, they can start by putting a plan together that would codify an exit strategy. It’s certainly more noble than their current plan of barnacling on to every NPM package…

- [1] https://github.com/babel/babel

- [2] https://github.com/babel/notes

- [3] https://github.com/babel/notes/blob/master/2016/2016-07/july...

- [4] https://github.com/babel/notes/blob/master/2017/2017-04/apri...

- [5] https://nicolasgallagher.com/about-normalize-css/

The problem was I had used some new code, Javascript's replaceAll(), that is unsupported by older browsers. And, the setup I have to automatically fix such issues (called babel) is out of date. So, while this problem appears to be resolved there, I hadn't updated that in awhile.

babel-loader(v9.1.0): allows transpiling JavaScript files using Babel and webpack.

created 6 years ago to solve the specific problem of managing the Babel repo packages

https://github.com/babel/babel/discussions/13013 maybe this could help