A better future for JavaScript that won't happen

18 points, posted 8 hours ago
by ingve

4 Comments

pjmlp

6 hours ago

> Maybe other languages that depend on this broken dependency management model, like Cargo, PyPI, RubyGems, and many more, are watching this incident and know that the very same crisis looms in their future. Maybe they will change course, too, before the inevitable.

Unfortunately no, that is why SBOM (Software Bill of Materials), and only allowing vetted software packages on in-house CI/CD, is such a thing at many companies.

Unfortunately not yet spread widely enough, and anyway it doesn't do anything for everyone else doing software outside the big-corporation virtual wall.

Most developers are too trigger-happy to add software dependencies without thinking twice about them.

giveita

8 hours ago

It is a lot of work to make a web-standardised standard library for JS. Probably years of work. Any decision is set in stone. You can't pull Python 2 to 3 or the various .NETs for open standards the world relies on. It is a hard problem. Worth starting on maybe, but won't be ready for a long while.

conartist6

7 hours ago

I've tried making the suggestion of a standard library several times and I would consider the reaction from the standards body to be "hostile," but then again I lost a lot of faith in TC39 when I took over the future of JavaScript's core infrastructure and they didn't lift a finger to encourage me or stop me or guide me. I don't think they have even noticed at all. Given that they simply won't engage with the biggest problems facing their community, it sure feels like they are passing the wheel to me to steer the ship.

palmfacehn

6 hours ago

Google could force a standard lib by including it with Chrome. This would solve part of the issue. JS as a language would still have significant warts.