this post was submitted on 22 Jul 2023
41 points (100.0% liked)

Programming

13376 readers
1 users here now

All things programming and coding related. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 1 year ago
MODERATORS
 

This seem quite counter intuitive and to be bloating the project: i'm trying to install tsdoc linter, but npm adds like other 50 packages alongside with it, is this the expected behaviour? Why is it so?

A project that could easily be 5MB ends up being like 60MB

you are viewing a single comment's thread
view the rest of the comments
[–] MaggiWuerze@feddit.de 36 points 1 year ago* (last edited 1 year ago) (3 children)

That's because the web dev ecosystem at one point decided, that libraries that only offer very minute functionality are acceptable as well as adding 20 of them to your project.

Examples like isEven or leftPad come to mind, which have such high proliferation, that their dev broke half the planets web projects when he broke them intentionally.

[–] TheBaldness@beehaw.org 10 points 1 year ago (1 children)

And this is why I had so much trouble learning JavaScript. It was unclear where the language ended and the libraries & frameworks began.

[–] brie@beehaw.org 3 points 1 year ago

The strategy I use for JS is to try to find things on MDN first, since a lot of the time there's the JS method, and then there's the jQuery/whatever-framework method, and MDN only has the prior.

[–] brunofin@lemm.ee 7 points 1 year ago (1 children)

I remember reading about this years ago, even affected internal Facebook dev team when it happened.

[–] JackbyDev@programming.dev 6 points 1 year ago

The dev was (rightfully) angry at NPM about another project and asked NPM to delist all of them. For some reason NPM at the time allowed this. I think they just had never thought about the problems it could cause before. Deployments to package managers, especially open source deployments with irrevocable licences, shouldn't be allowed to be removed. Doubly so once they're depended on. NPM's policy changed and is now more in line with that.

It affected pretty much everyone because some very popular frameworks at the time pulled left pad in transitively through other modules. Then because those popular frameworks did and most everyone was using those frameworks it broke pretty much everyone.

[–] upstream@beehaw.org 5 points 1 year ago (1 children)

Step one: Create random package that does something trivial that’s done often.

Step two: Start making PR’s to lots of open source projects replacing a number of lines of code with your new package.

Step three: Work hard to get your package into another package that’s used by many.

Step four: Update your CV to reflect that you build software that thousands of companies depend upon.

Step five: Profit from the stupid incentives created by companies hiring people that pad their CV’s by making redundant software and push them into everything they can to make sure everyday is dependency hell.

Gotta make a name somehow. (/s)