Tuesday, April 17, 2018

rant: worried about dependency culture

I am really losing my shit - er, I mean, my precious equanimity over being thwarted by the bad parts of npm/yarn culture. I burnt all yesterday tracing mysterious 404s from an artifact repository at work, and then for an otherwise fun art project, similar "can't find that file", based on my node version number and then some other "fsevents" crap that I don't even know how to find the version number of.

I know I have an over-simplified view of how things "could" be, based on
<script src="whatever.js"></script>
hacking being sufficient - but when I remember that 2016 event where one file deleted from the npm dependency tree - FOR A DAMN LEFT-PAD ROUTINE (amusingly, very similar to the hack I posted the other day ) - broke a thousand project - it really makes me wonder about  whatever the opposite of "Not Invented Here" culture is - the people who are like, well, even though this module would be 5 seconds to write, if I find someone else wrote it, I can just include it and then get a unit test for free!!!!!!!!!" I feel like this population never counts the cost of throwing in other people's code.

No comments:

Post a Comment