In this episode, Matt and Liam pick up a thread they’ve tugged at before — and this time, they don’t dance around it.
Is JavaScript just a victim of its own success, or has the ecosystem crossed a line where the risks now outweigh the convenience?
What starts as a discussion about supply-chain attacks in the JavaScript ecosystem quickly turns into something bigger: culture, incentives, governance, and why some problems don’t get fixed no matter how often we talk about them.
This isn’t a “JavaScript bad” rant for sport. It’s a serious look at why the language, its tooling, and its package ecosystem behave the way they do — and why those traits make it fundamentally hard to trust at enterprise scale.
We talk about:
- Why NPM is uniquely vulnerable compared to other package ecosystems
- How micro-package culture amplifies both risk and fragility
- The uncomfortable reality of install-time code execution
- Why “it works” isn’t the same as “it’s safe”
- How JavaScript’s lack of leadership shapes its culture — for better and worse
- Why backwards compatibility on the web is both necessary and suffocating
- The difference between technical problems and cultural ones
- Whether WebAssembly represents a real escape hatch, or just another layer
- Why JavaScript isn’t going away — but that doesn’t mean we have to keep building everything on it
Along the way, the conversation drifts into browsers as platforms, app store gatekeeping, enterprise governance, and why the thing that made JavaScript successful may be the same thing preventing it from ever growing up.
No silver bullets. No neat conclusion. Just an honest assessment of where we are, why we got here, and what it might take to move on.
🍻 Tonight’s Drinks
This was an early-morning recording, so just water for the boys! (Appropriate for such a “sobering” discussion 🥁-tsh!)
Tonight’s links
- Matt’s blog post that sparked the discussion
- Grace - the VCS that may disrupt Git (🤞)
- Dylan Beattie’s talk on WASI and the future of open source
Any Likes 👍, Shares 📣, Subscriptions 🔔, and Love ❤️ go a long way to helping us keep doing this for fun.
Cheers! 🍻