Rfcs Alternatives

rfcs reviews and mentions

• NPM packages from RedHat have been compromised
  11 projects | news.ycombinator.com | 1 Jun 2026

  > they've taken no action.

  Not running lifecycle scripts by default is eventually going to be the default behavior. Late is worse than not at all. https://github.com/npm/rfcs/pull/868

• Pnpm has a new setting to stave off supply chain attacks
  4 projects | news.ycombinator.com | 18 Sep 2025

  There was an NPM RFC for this feature (though as focused on supply chain attacks) in 2022, but the main response mirrored some of the other comments in here.

  "waiting a length of time doesn’t increase security, and if such a practice became common then it would just delay discovery of vulnerabilities until after that time anyways"

  https://github.com/npm/rfcs/issues/646#issuecomment-12824971...

• My failed attempt to shrink all NPM packages by 5%
  5 projects | news.ycombinator.com | 27 Jan 2025

  I think the main TLDR here [1]:

  > For example, I tried recompressing the latest version of the typescript package. GNU tar was able to completely compress the archive in about 1.2 seconds on my machine. Zopfli, with just 1 iteration, took 2.5 minutes.

  [1] https://github.com/npm/rfcs/pull/595#issuecomment-1200480148

• Yarn 4.0
  10 projects | news.ycombinator.com | 23 Oct 2023

  npm workspaces plus Wireit works far better than Lerna, in my experience.

  https://github.com/google/wireit

  Wireit's ability to specify actual script dependencies, do caching (and on Github actions), and it's long-running service script support make it much more useful and comprehensive than Lerna.

  I agree that this should be built into npm. There's an RRFC for it here: https://github.com/npm/rfcs/issues/706

• NPM vs Yarn?
  1 project | /r/Frontend | 5 Mar 2023

  It's coming https://github.com/npm/rfcs/blob/main/accepted/0042-isolated-mode.md

• How do you know that the .exe or .apk file for an open source software on github is actually compiled from the viewable source code?
  4 projects | /r/opensource | 24 Nov 2022

  This just got accepted as a proposal in NPM: https://github.com/npm/rfcs/pull/626

• Why aren't Node.js package managers interoperable?
  6 projects | dev.to | 7 Oct 2022

  npm also plans to support pnpm-style node_modules

• Axios shipped a buggy version and it broke many productions apps. Let this be a lesson to pin your dependencies!
  5 projects | /r/node | 7 Oct 2022

  (I usually end up removing npm ci from CI/CD since I think it is way too slow and want to cache node_modules from previous builds; I'm waiting for https://github.com/npm/rfcs/issues/415 to land to make this fail-safe npm install --from-lockfile. Yarn does support this already)

• How to run multiple NPM commands simultaneously using concurrently
  1 project | /r/node | 19 Sep 2022
• [RRFC] Parallel script execution when value is set to an array of text. · Issue #610 · npm/rfcs
  1 project | /r/node | 2 Jul 2022
• A note from our sponsor - SaaSHub
  www.saashub.com | 16 Jun 2026

  SaaSHub helps you find the best software and product alternatives Learn more →