There should be a reputation score for new releases on npm with scores from beta users who are part of the community. Sounds similar to app store but more community controlled.
In general, there should be a risk assessment score on npm for each package sourced automatically from different criteria like how many maintainers are there in a project, ownership changes etc.
Also, making the new package available only to few % of random users would have limited the impact.
Overall this pull with complete trust is just asking for trouble.
And yeah, this developer needs to be committed to a facility for his own good (if this doesn't qualify him for that then I don't know what will).
Upwork is a shitty and unethical company. Their website sucks and app doubly so. They make a lot money but have the worst product.
So next time, any one on HN thinks about writing yet another todo app, think about disrupting freelancing industry and upwork. It won't be cool and won't make HN top page most likely but it will most likely be a product and monitory success.
It might sound weird but apart from the standard advice you are going to receive about pills, therapy and mental gymnastics, in my personal experience becoming more spiritual helps.
I know its not a popular thing in a any tech circles to even think about it but it does help. And spirituality need not involve any religion. You can try philosophies like Zen or Advaita which basically reduces you to being a doer aiming for the best way to do things without caring for the outcome. These philosophies reduce the attachment to material success and paradoxically also help you do your best on any given task because your mind is free.
Its like you are a plumber or electrician who got called for consultation. You give your best possible advice and try doing the best possible work but if the customer faces the problem again, you might not feel the pain personally.
Brave being based off chrome is actually great and your comment illustrates that. If it is based on FF, it will cut into FF market share which is already shrinking. Now, it cuts into Chrome which means two privacy focused browser instead of one.
Regardless of how many windows/any other OS versions I use later on, I will remember Win7 fondly. Its just so.. less cumbersome. May be the drastic changes that went into its preceeding and succeeding versions have a role to play in this.
In general, there should be a risk assessment score on npm for each package sourced automatically from different criteria like how many maintainers are there in a project, ownership changes etc.
Also, making the new package available only to few % of random users would have limited the impact.
Overall this pull with complete trust is just asking for trouble.
And yeah, this developer needs to be committed to a facility for his own good (if this doesn't qualify him for that then I don't know what will).