740
average day in NPM land
(programming.dev)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 31 Jul 2024
740 points (99.3% liked)
Programmer Humor
19488 readers
1150 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
It handles a few weird edge cases, mostly. Only 7 meaningful lines of code and almost 70M downloads week!
Sadly, it's a stupid dependency of a lot of things.
Just ran
npm explain is-numberon one of my projects, and it's a dependency ofto-regex-rangewhich is a dependency offill-rangewhich is a dependency of....and so on up the chain.I was hoping I wouldn't find that in there, but alas, it is.
Given that this screenshot is about
to-regex-rangeI think they might be on to something!🤦♂️😆
Didn't even catch that in the screenshot. lol
I don't get the concept that depending on 7 lines of code from a third-party package is remotely acceptable. It's expanding the potential attack surface to save a dev from templating 7 lines of boilerplate. There's no net benefit or appreciable time saved.
I'm glad I don't have to deal with this regularly.
ETA: The package is even MIT licensed! There's no excuse but laziness and not wanting to understand the code to import this rather than inlining or implementing a novel version. If I can spend the time to write:
after every function call...I just didn't get it.
You’re right, it’s not sane! The js ecosystem is hell