Regarding point 4: more people need to realise picking the right NPM package in the JS ecosystem is becoming a "must-have" skill, but the only way to find the right package is still to be constantly up-to-date with the ecosystem, endless Google searches, or hoping someone on Twitter can just tell you what's better.
FWIW, I work in security and this skill is becoming very well automated in that domain.
It's imperfect (and always will be), but there's a large overlap between manageable libraries and securable[0] libraries.
[0] In the software-composition analysis field, "securability" is not only about upgrading vulnerable libraries but also about how many vulnerable transitive dependencies you may have to upgrade in future.
This is why I built https://pkg.land/ (beta): append an NPM package name to the URL and a list of alternatives will be suggested. See https://pkg.land/colors