Guy brings down thousands of npm builds



  • Guy gets pissed off at npm and withdraws all his modules. Turns out one of them is extremely popular and used all over the internet.

    A million automated build systems suddenly cried in terror, and then crashed.

    And what was this amazing module that people had to outsource to a fickle third party?

    module.exports = leftpad;
    
    function leftpad (str, len, ch) {
      str = String(str);
    
      var i = -1;
    
      if (!ch && ch !== 0) ch = ' ';
    
      len = len - str.length;
    
      while (++i < len) {
        str = ch + str;
      }
    
      return str;
    }
    

    People... Just make a fucking tools library for your project, ok? You don't need to drag in silly simple stuff like this as dependencies.

    Oh and if your build system must not fail... Use a private npm.


  • Discourse touched me in a no-no place

    @cartman82 Left-padding a string was a library?! :wtf:



  • @cartman82 said:

    le... Just make a fucking tools library for your project, ok? You don't need to drag in silly simple stuff like this, as dependencies.

    Oh and if your build system must not fail... Use a private npm.

    Not to mention the code isn't all that great either.



  • @cartman82 said:

    Not to mention the code isn't all that great either.

    Yeah, I was just going to ask the JS gods here about that. Isn't the following basically the O(n^2) way of doing this?

    while (++i < len) {
        str = ch + str;
    }
    

  • :belt_onion:

    You can withdraw modules? If you haven't got a private npm, do so immediately before the me too! effect strikes.



  • @cvi Yeah, I would have done it like this.

    function pad(str, count, char) {
        char = char || ' ';
        count = count - str.length;
        if (count <= 0) {
            return str;
        }
        return Array(count).join(char) + str;
    }
    

    But who knows, maybe he did the math and figured out in most cases several string allocations is less expensive than one array allocation. I doubt it, though.



  • When I started coding Kik, didn’t know there is a company with same name. And I didn’t want to let a company force me to change the name of it.

    Wut? "I didn't know someone already used the name I wanted so fuck them I'm still going to use it?"
    I'm not a lawyer, but I don't believe it works that way.


  • Winner of the 2016 Presidential Election

    @dkf said:

    Left-padding a string was a library?!

    You'd be surprised how many little string functions you're used to in other languages are actually missing in JavaScript. A simple .trim() won't work in IE8 and older, it's that new.



  • function pad(str, len, ch) {
        ch = ch || ' ';
        var l = len - str.length;
        while (ch.length < l) { ch = ch + ch; };
        return ch.substring(0,l) + str;
    }
    

    log(n), baby! And it even works when the padding is not just a single character!

    > pad("YEAH, BABY!", 20, "padding");
    <- "paddingpaYEAH, BABY!"
    


  • @RandomStranger String allocations can be a problem. Array.join trick sort of forces v8 to use its internal StringBuilder or whatever it has, since there's nothing like that available in userspace.

    Not that I actually tested this, so it could be a moot point.



  • @cartman82 said:

    @RandomStranger String allocations can be a problem. Array.join trick sort of forces v8 to use its internal StringBuilder or whatever it has, since there's nothing like that available in userspace.

    Not that I actually tested this, so it could be a moot point.

    Well, fine. Here you go:

    function pad(str, len, ch) {
        ch = (ch || ' ').split('');
        var l = len - str.length;
        while (ch.length < l) { ch = ch.concat(ch); };
        return ch.slice(0,l).join('') + str;
    }
    


  • @RandomStranger Maybe it is log(n), maybe it isn't.

    O(?) depends heavily on the implementation of every level of abstraction.

    If substring is O(n), then your implementation is O(n).


  • Discourse touched me in a no-no place

    @cvi said:

    Isn't the following basically the O(n^2) way of doing this?

    Very likely, though for small amounts of padding it doesn't really matter all that much. O(n2) ≈ O(n) for small enough n, after all…



  • Related


  • sockdevs

    @cartman82 That's what happens when idiots get a hold of shiny.

    Of course, there's one user here who'll use this as an excuse to hate on OSS, even though this has nothing at all to do with the fact that this is OSS; the same could so easily happen with closed-source.


  • Discourse touched me in a no-no place

    @RaceProUK said:

    That's what happens when idiots get a hold of shiny.

    That's what happens when people decide that releasing things is too much like hard work. Repositories have a habit of going away (or, less sinisterly, moving to somewhere else).



  • @cartman82 Wait... WTF do you need nested dependencies just to check a number?



  • @WPT said:

    @cartman82 Wait... WTF do you need nested dependencies just to check a number?

    var passAll = require('101/pass-all')
    var isPositive = require('is-positive')
    var isInteger = require('is-integer')
    
    module.exports = passAll(isPositive, isInteger)
    

    link

    How else would you do it?



  • For once, PHP is not TRWTF. It also actually has string padding functions.



  • @cartman82 It just dawned upon me that web development in most part of the world has progressed to a point of making supposedly simple instructions complicated and supposedly complicated instructions simple. :facepalm:



  • I remember an attempt to run something in nodejs that used DOM functions, and the NPM module for it required all sorts of libraries which included others, etc., and one of them could only be built by VisualStudio. That was the last drop. I just wrote the 200 lines or so needed for the extremely simple task in less time than it takes to download VisualStudio, let alone install it.


  • sockdevs

    @Hanzo said:

    and one of them could only be built by VisualStudio

    0_1458728935211_wtf.png



  • @WPT

    Because in JS you can have craziness like negative zero. It is easier to just pull in the module than to bother dealing with the logic.

    TBH any JS programming is like this. I spend half my life shimming the fuck out of the browsers so I have a decent API to work with. Just look over MDN and for every newish JS function they have a polyfill.

    ES6 / TypeScript fix most of this craziness.

    Disclaimer: I love JavaScript


  • sockdevs

    @lucas1 said in Guy brings down thousands of npm builds:

    Because in JS you can have craziness like negative zero

    As you can in any language that uses the IEEE floating-point standard (which is pretty much all of them)

    @lucas1 said in Guy brings down thousands of npm builds:

    I spend half my life shimming the fuck out of the browsers so I have a decent API to work with

    Instead of using jQuery? Unless you mean specifically polyfills, which luckily I've managed to avoid (so far)

    @lucas1 said in Guy brings down thousands of npm builds:

    Disclaimer: I love JavaScript

    It's a good language when you learn to deal with its quirks :)


  • Winner of the 2016 Presidential Election

    @RaceProUK Yeah, but most langiages also have ints, which don't have -0 and are generally more widelt used IME



  • @dkf said:

    That's what happens when people...

    ...just stop using fucking jQuery for everything and go with the dogs breakfast of npm hell!

    Be pure people!

    LET'S MAKE JQUERY GREAT AGAIN


  • Discourse touched me in a no-no place

    @Jaloopa said:

    langiages
    widelt

    The accalias are strong with this one!



  • I am not loading the whole of jQuery to use $.trim(), when I can just include a polyfill from MDN and change the string prototype.


  • Discourse touched me in a no-no place

    @boomzilla said:

    LET'S MAKE JQUERY GREAT AGAIN

    :cry: LEAVE JQUERY ALONE! :cry:





  • @lucas1 I understand that JS allows for all this shit. But... but... isn't simple task like numerical checking and string padding trivial that anyone could have just wrote functions for them without having to link to another dependency?



  • @WPT

    This is the prevailing attitude and I agree with it. Why bother writing your own function when you can pull in a module that has already been proven to work.

    People forget that in other languages that String functions etc aren't part of the language but part of the library that tend to come along with it e.g. System.String isn't part of C#, it is part of .NET.


  • Winner of the 2016 Presidential Election

    @cartman82 A library, but more hipster? :fishing_pole_and_fish:


  • sockdevs

    @cartman82 said:

    How else would you do it?

    :headdesk:

    function isPositiveInteger(x){
        const isInt = Math.floor(x) === x;
        const isPositive = x > 0;
        return isInt && isPositive;
    }
    

    it's not that hard peoples! you don't need a library to do everything for you!



  • @accalia

    Why bother working that out, when someone has already done the work for you?

    Also your example won't work in older browsers as const is ES6.


  • sockdevs

    @lucas1

    • because reducing external dependencies can increase performance (when the depencency tree is that deep the function call has hella overhead)
    • because i don't want my system to be vunerable to one developer suddenly deciding to unlist their package when it's functionality that took me all of five lines to write.
    • because shiny is orthogonal* to good

    * OED sense 2



  • @accalia

    So how are you going to reuse that function in another project ... copy and paste?

    Also it won't work in a mobile browser:

    Sorry but you "five lines" to write doesn't stand up so well.



  • @lucas1 It is fine if the said modules contain a reasonable amount of complexity but checking for negativity is not complex and neither is string padding on a high-level language such as JS.



  • who would say that projects done by people that think doing everything in js is a good idea would have dependencies like this?



  • @WPT

    x === 0 && 1 / x === -Infinity

    Is the example in the article, I write a lot of JS and I would have to hold that little nugget in my head all the time or I could just import the fucking module and not worry about it.


  • sockdevs

    @lucas1 said:

    So how are you going to reuse that function in another project ... copy and paste?

    if i need it in another project, yes.

    because that's what reducing external dependencies is

    @lucas1 said:

    Also it won't work in a mobile browser:

    s/const/var/g then if you heathens want it working in ES5.



  • @dkf Does Javascript even have any built-in libraries, like at all? I don't blame the developers for not wanting to rewrite the essential stuff every single time.



  • @accalia

    The point being that your five lines wasn't as simple as you thought it was. Which is why people use modules in the first fucking place.




  • Winner of the 2016 Presidential Election

    @accalia said:

    because i don't want my system to be vunerable to one developer suddenly deciding to unlist their package

    That's why you should always have a local mirror. Never let your build depend on anything on the internet.

    Additional advantage: You can now easily patch your dependencies, if necessary.


  • sockdevs

    @lucas1 said:

    The point being that your five lines wasn't as simple as you thought it was.

    so your point is "module all the things!"?

    0_1458733186237_all-the-things.jpg

    fuck that

    @lucas1 said:

    Which is why people use modules in the first fucking place.

    if the functionality contained in the module warrants the creation of the module, then by all means do so. checking to see if you have a number that is both an integer and greater than 0 does not warrant a module.



  • @accalia

    Even when you were quite obviously proven something isn't as simple as you claim, you still insist that it is. Fascinating.

    If you were using C# would you reimplement String.IsNullOrEmpty because it is trivial to check? BTW System.String is a package in .NET Core.


  • Discourse touched me in a no-no place

    @anonymous234
    I could see a library for checking all sorts of numeric properties. Atomising the library into lots of little libraries hosted by different people… well, that's differentmobile Discourse.



  • @cartman82 said:

    Related

    What the sweet fuck?

    Nick Craver ‏@Nick_Craver 9h9 hours ago
    In node.js’s defense, it doesn’t have integers.
    Okay never mind, that only helped matters in my head.

    WHAT?



  • @cartman82 Instead of withdrawing, I assume he could have "updated" the function to a different one, right? One that returned "butts" for every input, or the actual string but in those "upside down" unicode characters, etc.

    Or worse, could he have silently added a backdoor (even if just for a very short time) to all those big projects? Because that's something to worry about.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.