43
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 22 Jul 2023
43 points (100.0% liked)
Programming
16 readers
1 users here now
All things programming and coding related. Subcommunity of Technology.
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 1 year ago
MODERATORS
That's because the web dev ecosystem at one point decided, that libraries that only offer very minute functionality are acceptable as well as adding 20 of them to your project.
Examples like isEven or leftPad come to mind, which have such high proliferation, that their dev broke half the planets web projects when he broke them intentionally.
I remember reading about this years ago, even affected internal Facebook dev team when it happened.
The dev was (rightfully) angry at NPM about another project and asked NPM to delist all of them. For some reason NPM at the time allowed this. I think they just had never thought about the problems it could cause before. Deployments to package managers, especially open source deployments with irrevocable licences, shouldn't be allowed to be removed. Doubly so once they're depended on. NPM's policy changed and is now more in line with that.
It affected pretty much everyone because some very popular frameworks at the time pulled left pad in transitively through other modules. Then because those popular frameworks did and most everyone was using those frameworks it broke pretty much everyone.