740
average day in NPM land (programming.dev)
you are viewing a single comment's thread
view the rest of the comments
[-] onlinepersona@programming.dev 52 points 3 months ago* (last edited 3 months ago)

440GB weekly for "is number". What in the world is that package doing?

Anti Commercial-AI license

[-] sus@programming.dev 88 points 3 months ago* (last edited 3 months ago)

is-number is a one-line function. (though it's debatable if a function that complex should be compressed to one line)

You may have heard of a similar if more extreme "microdependency" called is-even. When you use an NPM package, you also need all the dependencies of that package, and the dependencies of those dependencies recursively. Each package has some overhead, eventually leading to this moment in time.

[-] sparkle@lemm.ee 11 points 3 months ago* (last edited 3 months ago)

Web bloat in a nutshell and why we need to switch to things like Web Assembly more than ever. It's not WASM, but I used Laminar which is a Scala.js library, and it's the absolute pinnacle of (frontend) web development. Scala in general is just really great for idiomatic web code, its flexibility is unbeatable.

Another amazing alternative would be anything Rust. In fact I've used that much more than Scala for web. I've mainly used Leptos for full-stack and and Actix for backend, but I've seen Dioxus and Axum in good use and they both seem really great too.

Apparently Lemmy uses Leptos for its UI so... that's a +1.

[-] Auzy@beehaw.org 3 points 3 months ago

I feel like this is completely avoidable bloat.

You could quite easily create this bloat in any language

[-] GammaGames@beehaw.org 26 points 3 months ago* (last edited 3 months ago)

It handles a few weird edge cases, mostly. Only 7 meaningful lines of code and almost 70M downloads week!

[-] ptz@dubvee.org 28 points 3 months ago

Sadly, it's a stupid dependency of a lot of things.

Just ran npm explain is-number on one of my projects, and it's a dependency of to-regex-range which is a dependency of fill-range which is a dependency of....and so on up the chain.

I was hoping I wouldn't find that in there, but alas, it is.

[-] apotheotic@beehaw.org 34 points 3 months ago

Given that this screenshot is about to-regex-range I think they might be on to something!

[-] ptz@dubvee.org 23 points 3 months ago

🤦‍♂️😆

Didn't even catch that in the screenshot. lol

[-] nickwitha_k@lemmy.sdf.org 8 points 3 months ago* (last edited 3 months ago)

I don't get the concept that depending on 7 lines of code from a third-party package is remotely acceptable. It's expanding the potential attack surface to save a dev from templating 7 lines of boilerplate. There's no net benefit or appreciable time saved.

I'm glad I don't have to deal with this regularly.

ETA: The package is even MIT licensed! There's no excuse but laziness and not wanting to understand the code to import this rather than inlining or implementing a novel version. If I can spend the time to write:

if err != nil {
  slog.Warn("well shit", "error", err)
  return err
}

after every function call...I just didn't get it.

[-] GammaGames@beehaw.org 5 points 3 months ago

You’re right, it’s not sane! The js ecosystem is hell

[-] sukhmel@programming.dev 4 points 3 months ago

I'm not sure, this is a valid estimate. If they were to replace is-number with its contents, that would mean that the economy is only in HTTP-related overhead.

It maybe will make difference because of building phase, lock-files, package-files, but I am not sure that data-traffic difference is that big

this post was submitted on 31 Jul 2024
740 points (99.3% liked)

Programmer Humor

19503 readers
1241 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS