But on the other hand, getting a library into debian so users can eventually install it is also a somewhat big and lengthy process that takes time (and rightly so), compared to npm et al which amounts to "npm publish" and you're done basically.
Don't get me wrong, I'm not saying one is better/worse than the other, but there are tradeoffs that not everyone is willing to make. I personally prefer the slower more intentional/reviewed option of package repositories like debian and arch, but things like npm/pypi/aur has their uses too.
>getting a library into debian is also a somewhat big and lengthy, compared to npm et al which amounts to "npm publish" and you're done basically.
Which is a good thing. It's not like npm skiddies use this agile process to revolutionize the industry with AGI, they do left pad and a different framework every week.
except how "reviewed" is it? You maintain a package for years to gain trust and once you become trusted, you've introduced a backdoor that most people won't know about.
Don't get me wrong, I'm not saying one is better/worse than the other, but there are tradeoffs that not everyone is willing to make. I personally prefer the slower more intentional/reviewed option of package repositories like debian and arch, but things like npm/pypi/aur has their uses too.