Guy brings down thousands of npm builds
-
Guy gets pissed off at npm and withdraws all his modules. Turns out one of them is extremely popular and used all over the internet.
A million automated build systems suddenly cried in terror, and then crashed.
And what was this amazing module that people had to outsource to a fickle third party?
module.exports = leftpad; function leftpad (str, len, ch) { str = String(str); var i = -1; if (!ch && ch !== 0) ch = ' '; len = len - str.length; while (++i < len) { str = ch + str; } return str; }
People... Just make a fucking tools library for your project, ok? You don't need to drag in silly simple stuff like this as dependencies.
Oh and if your build system must not fail... Use a private npm.
-
@cartman82 Left-padding a string was a library?!
-
@cartman82 said:
le... Just make a fucking tools library for your project, ok? You don't need to drag in silly simple stuff like this, as dependencies.
Oh and if your build system must not fail... Use a private npm.
Not to mention the code isn't all that great either.
-
@cartman82 said:
Not to mention the code isn't all that great either.
Yeah, I was just going to ask the JS gods here about that. Isn't the following basically the O(n^2) way of doing this?
while (++i < len) { str = ch + str; }
-
You can withdraw modules? If you haven't got a private npm, do so immediately before the me too! effect strikes.
-
@cvi Yeah, I would have done it like this.
function pad(str, count, char) { char = char || ' '; count = count - str.length; if (count <= 0) { return str; } return Array(count).join(char) + str; }
But who knows, maybe he did the math and figured out in most cases several string allocations is less expensive than one array allocation. I doubt it, though.
-
https://medium.com/@azerbike/i-ve-just-liberated-my-modules-9045c06be67c#.t83sbaun2
When I started coding Kik, didn’t know there is a company with same name. And I didn’t want to let a company force me to change the name of it.
Wut? "I didn't know someone already used the name I wanted so fuck them I'm still going to use it?"
I'm not a lawyer, but I don't believe it works that way.
-
@dkf said:
Left-padding a string was a library?!
You'd be surprised how many little string functions you're used to in other languages are actually missing in JavaScript. A simple
.trim()
won't work in IE8 and older, it's that new.
-
function pad(str, len, ch) { ch = ch || ' '; var l = len - str.length; while (ch.length < l) { ch = ch + ch; }; return ch.substring(0,l) + str; }
log(n), baby! And it even works when the padding is not just a single character!
> pad("YEAH, BABY!", 20, "padding"); <- "paddingpaYEAH, BABY!"
-
@RandomStranger String allocations can be a problem. Array.join trick sort of forces v8 to use its internal StringBuilder or whatever it has, since there's nothing like that available in userspace.
Not that I actually tested this, so it could be a moot point.
-
@cartman82 said:
@RandomStranger String allocations can be a problem. Array.join trick sort of forces v8 to use its internal StringBuilder or whatever it has, since there's nothing like that available in userspace.
Not that I actually tested this, so it could be a moot point.
Well, fine. Here you go:
function pad(str, len, ch) { ch = (ch || ' ').split(''); var l = len - str.length; while (ch.length < l) { ch = ch.concat(ch); }; return ch.slice(0,l).join('') + str; }
-
@RandomStranger Maybe it is log(n), maybe it isn't.
O(?) depends heavily on the implementation of every level of abstraction.
If substring is O(n), then your implementation is O(n).
-
@cvi said:
Isn't the following basically the O(n^2) way of doing this?
Very likely, though for small amounts of padding it doesn't really matter all that much. O(n2) ≈ O(n) for small enough n, after all…
-
-
@cartman82 That's what happens when idiots get a hold of shiny.
Of course, there's one user here who'll use this as an excuse to hate on OSS, even though this has nothing at all to do with the fact that this is OSS; the same could so easily happen with closed-source.
-
@RaceProUK said:
That's what happens when idiots get a hold of shiny.
That's what happens when people decide that releasing things is too much like hard work. Repositories have a habit of going away (or, less sinisterly, moving to somewhere else).
-
@cartman82 Wait... WTF do you need nested dependencies just to check a number?
-
@WPT said:
@cartman82 Wait... WTF do you need nested dependencies just to check a number?
var passAll = require('101/pass-all') var isPositive = require('is-positive') var isInteger = require('is-integer') module.exports = passAll(isPositive, isInteger)
How else would you do it?
-
For once, PHP is not TRWTF. It also actually has string padding functions.
-
@cartman82 It just dawned upon me that web development in most part of the world has progressed to a point of making supposedly simple instructions complicated and supposedly complicated instructions simple.
-
I remember an attempt to run something in nodejs that used DOM functions, and the NPM module for it required all sorts of libraries which included others, etc., and one of them could only be built by VisualStudio. That was the last drop. I just wrote the 200 lines or so needed for the extremely simple task in less time than it takes to download VisualStudio, let alone install it.
-
@Hanzo said:
and one of them could only be built by VisualStudio
-
Because in JS you can have craziness like negative zero. It is easier to just pull in the module than to bother dealing with the logic.
TBH any JS programming is like this. I spend half my life shimming the fuck out of the browsers so I have a decent API to work with. Just look over MDN and for every newish JS function they have a polyfill.
ES6 / TypeScript fix most of this craziness.
Disclaimer: I love JavaScript
-
@lucas1 said in Guy brings down thousands of npm builds:
Because in JS you can have craziness like negative zero
As you can in any language that uses the IEEE floating-point standard (which is pretty much all of them)
@lucas1 said in Guy brings down thousands of npm builds:
I spend half my life shimming the fuck out of the browsers so I have a decent API to work with
Instead of using jQuery? Unless you mean specifically polyfills, which luckily I've managed to avoid (so far)
@lucas1 said in Guy brings down thousands of npm builds:
Disclaimer: I love JavaScript
It's a good language when you learn to deal with its quirks :)
-
@RaceProUK Yeah, but most langiages also have
int
s, which don't have -0 and are generally more widelt used IME
-
@dkf said:
That's what happens when people...
...just stop using fucking jQuery for everything and go with the dogs breakfast of npm hell!
Be pure people!
LET'S MAKE JQUERY GREAT AGAIN
-
-
I am not loading the whole of jQuery to use $.trim(), when I can just include a polyfill from MDN and change the string prototype.
-
-
-
@lucas1 I understand that JS allows for all this shit. But... but... isn't simple task like numerical checking and string padding trivial that anyone could have just wrote functions for them without having to link to another dependency?
-
http://dailyjs.com/2015/07/02/small-modules-complexity-over-size/
This is the prevailing attitude and I agree with it. Why bother writing your own function when you can pull in a module that has already been proven to work.
People forget that in other languages that String functions etc aren't part of the language but part of the library that tend to come along with it e.g. System.String isn't part of C#, it is part of .NET.
-
@cartman82 A library, but more hipster?
-
@cartman82 said:
How else would you do it?
function isPositiveInteger(x){ const isInt = Math.floor(x) === x; const isPositive = x > 0; return isInt && isPositive; }
it's not that hard peoples! you don't need a library to do everything for you!
-
Why bother working that out, when someone has already done the work for you?
Also your example won't work in older browsers as const is ES6.
-
- because reducing external dependencies can increase performance (when the depencency tree is that deep the function call has hella overhead)
- because i don't want my system to be vunerable to one developer suddenly deciding to unlist their package when it's functionality that took me all of five lines to write.
- because shiny is orthogonal* to good
* OED sense 2
-
So how are you going to reuse that function in another project ... copy and paste?
Also it won't work in a mobile browser:
Sorry but you "five lines" to write doesn't stand up so well.
-
@lucas1 It is fine if the said modules contain a reasonable amount of complexity but checking for negativity is not complex and neither is string padding on a high-level language such as JS.
-
who would say that projects done by people that think doing everything in js is a good idea would have dependencies like this?
-
x === 0 && 1 / x === -Infinity
Is the example in the article, I write a lot of JS and I would have to hold that little nugget in my head all the time or I could just import the fucking module and not worry about it.
-
@lucas1 said:
So how are you going to reuse that function in another project ... copy and paste?
if i need it in another project, yes.
because that's what reducing external dependencies is
@lucas1 said:
Also it won't work in a mobile browser:
s/const/var/g
then if you heathens want it working in ES5.
-
@dkf Does Javascript even have any built-in libraries, like at all? I don't blame the developers for not wanting to rewrite the essential stuff every single time.
-
The point being that your five lines wasn't as simple as you thought it was. Which is why people use modules in the first fucking place.
-
-
@accalia said:
because i don't want my system to be vunerable to one developer suddenly deciding to unlist their package
That's why you should always have a local mirror. Never let your build depend on anything on the internet.
Additional advantage: You can now easily patch your dependencies, if necessary.
-
@lucas1 said:
The point being that your five lines wasn't as simple as you thought it was.
so your point is "module all the things!"?
fuck that
@lucas1 said:
Which is why people use modules in the first fucking place.
if the functionality contained in the module warrants the creation of the module, then by all means do so. checking to see if you have a number that is both an integer and greater than
0
does not warrant a module.
-
Even when you were quite obviously proven something isn't as simple as you claim, you still insist that it is. Fascinating.
If you were using C# would you reimplement String.IsNullOrEmpty because it is trivial to check? BTW System.String is a package in .NET Core.
-
@anonymous234
I could see a library for checking all sorts of numeric properties. Atomising the library into lots of little libraries hosted by different people… well, that'sdifferentmobile Discourse.
-
@cartman82 Instead of withdrawing, I assume he could have "updated" the function to a different one, right? One that returned "butts" for every input, or the actual string but in those "upside down" unicode characters, etc.
Or worse, could he have silently added a backdoor (even if just for a very short time) to all those big projects? Because that's something to worry about.
-
@thegoryone said:
In node.js’s defense, it doesn’t have integers.
That's all you get. Have fun!
Filed under: And then it gets coerced into a string because
+
is both addition and concatenation