Guy brings down thousands of npm builds


  • FoxDev

    @lucas1 i claim that the functionality to determine whether a number is both positive and an integer does not warrant an external dependency.

    i further claim that any developer worth their salt should be able to come up with a performant and correct implementation of such a check on the spot when they need it.

    i further claim that your complaint that my code sample does not work for mobile browsers is bogus as a simple replacement of the ES6 keyword const for the ES5 keyword var causes the code to function correctly in mobile browsers.

    I further claim that your complaint about having to copy and paste my solution between projects is bullshit because the entire point i was making was this is a function that does not need to be a module, if it's not a module then it needs to be copy and pasted between projects.

    i fail to see how your arguments thus far have "obviously" proven me wrong. Please explain how your arguments have proven me wrong.


  • FoxDev

    @accalia said:

    i fail to see how your arguments thus far have "obviously" proven me wrong. Please explain how your arguments have proven me wrong.

    I think I can answer this one: "You don't agree with him, therefore you are wrong"


  • I survived the hour long Uno hand

    @anonymous234 said:

    Does Javascript even have any built-in libraries, like at all?

    They're very hit-or-miss. It's basically everything the one guy who originally designed it thought he'd need offhand, plus a handful of additions over the years as subsequent one guys figured "Oh yeah, throw that in too."


  • FoxDev

    @RaceProUK so.... the blakeyrat school of proving people wrong then?



  • @accalia

    Because you said it was "simple", and I said "what about this" and the code needed changes. It is a trite example for sure and I knew straight away that it could be fixed by using the var keyword, but I showed up flaws in your reasoning quite simply.


  • FoxDev

    @anonymous234 said:

    Does Javascript even have any built-in libraries, like at all?

    Some, but they're not extensive; it's far more usual to use JavaScript on top of a larger framework like DOM or Node or whatever

    @accalia said:

    @RaceProUK so.... the blakeyrat school of proving people wrong then?

    Pretty much, yeah


  • I survived the hour long Uno hand

    @lucas1 said:

    It is easier to just pull in the module than to bother dealing with the logic.

    @lucas1 said:

    I am not loading the whole of jQuery to use $.trim()

    @lucas1 said:

    So how are you going to reuse that function in another project ... copy and paste?

    @lucas1 said:

    I can just include a polyfill from MDN and change the string prototype.

    He's clearly trolling, @accalia , don't feed him.


  • FoxDev

    @lucas1 TIL that writing ES6 is a flaw


  • FoxDev

    @lucas1 said:

    It is a trite example for sure and I knew straight away that it could be fixed by using the var keyword, but I showed up flaws in your reasoning quite simply.

    so a trite and somewhat contrived example showing that my code needed superficial at best modifications to work in a certain environment invalidates my entire point that the functionality did not need to be a module and could have easily been implemented where needed?

    riiiiiiiiiiiiiiiiiiiiiiiiiight.

    that's "winning" is it?

    pull one of the other ones, it has got bells on.



  • @Yamikuronue said:

    @lucas1 said:

    It is easier to just pull in the module than to bother dealing with the logic.

    @lucas1 said:

    I am not loading the whole of jQuery to use $.trim()

    @lucas1 said:

    So how are you going to reuse that function in another project ... copy and paste?

    @lucas1 said:

    I can just include a polyfill from MDN and change the string prototype.

    He's clearly trolling, @accalia , don't feed him.

    Sorry you seem to use the term trolling as "not completely consistent" because not everything is black and white.

    BTW I have these polyfills in my bitbucket and can include in my grunt build.



  • @accalia said:

    @lucas1 said:

    It is a trite example for sure and I knew straight away that it could be fixed by using the var keyword, but I showed up flaws in your reasoning quite simply.

    so a trite and somewhat contrived example showing that my code needed superficial at best modifications to work in a certain environment invalidates my entire point that the functionality did not need to be a module and could have easily been implemented where needed?

    riiiiiiiiiiiiiiiiiiiiiiiiiight.

    that's "winning" is it?

    pull one of the other ones, it has got bells on.

    So what happens when it is slightly more complex, you have some untested code that you have to debug. Which was my fucking point.



  • @Onyx This whole thread is convincing me that Javascript is a much worse language than PHP.


  • I survived the hour long Uno hand

    @lucas1 said:

    you seem to use the term trolling as "not completely consistent"

    No, I'm sure you're trolling because I've seen you do this before: you take whatever position is contentious and argue it to the death, ignoring consistency and logic. The sheer stupidity of your statements drags people out and makes them feel they need to argue with you, but your stubbornness ensures they'll never actually teach you anything. 9/10 well done.


  • FoxDev

    @lucas1 said:

    So what happens when it is slightly more complex

    then you weigh the situation and decide whether the benefits of pulling in an external module outweigh the costs of pulling that module.

    in the case of string padding and integer tests the benefits do not outweigh the costs.

    in the case of something like a crypto algorithm, the benefits clearly outweigh the costs.

    in the case of something inbetween... well that's going to depend on what it is, why it's needed and what it's being used for.


  • FoxDev

    @lucas1 said:

    So what happens when it is slightly more complex, you have some untested code that you have to debug. ~~Which was my fucking point~~ is par for the course in software development, no matter what language, framework, and patterns you use.

    FTFY

    Also, can you guarantee that all those tiny little modules you're using are fully tested? Thought not.



  • @Yamikuronue

    Apparently trolling to you is disagreeing with people.

    I even linked the fucking article with the reasoning behind it which is discussed at length, written by someone that is obviously smarter than you lot.


  • I survived the hour long Uno hand

    @lucas1 Meh, revise that to 8/10, you're getting into petty insults. You've gotta step it up a bit if you want real staying power.



  • @accalia said:

    @lucas1 said:

    So what happens when it is slightly more complex

    then you weigh the situation and decide whether the benefits of pulling in an external module outweigh the costs of pulling that module.

    Hurrah! We finally got there.



  • @RaceProUK

    Well you can look to see whether it has tests included in the source, as most of them are on github.


  • FoxDev

    @lucas1 And how do you know the tests are correct? Did they test the tests? What about the modules that aren't on GitHub? What about external dependencies like native libraries?

    Two can play this game, y'know :P



  • @RaceProUK said:

    @lucas1 And how do you know the tests are correct?

    Because you can read them and judge for yourself. Jesus the stupid hurts.



  • OK!

    jb@syno:~/tmp $ npm install is-positive-integer
    is-positive-integer@1.0.0 node_modules/is-positive-integer
    ├── is-positive@3.1.0
    ├── is-integer@1.0.6 (is-finite@1.0.1)
    └── 101@1.5.0 (clone@1.0.2, keypather@1.10.2, deep-eql@0.1.3)
    

    Right on. Lets see how tested this is.

    jb@syno:~/tmp $ find node_modules -name test
    node_modules/is-positive-integer/node_modules/101/node_modules/keypather/test
    node_modules/is-positive-integer/test
    jb@syno:~/tmp $ npm list
    /Users/jb/tmp
    └─┬ is-positive-integer@1.0.0
      ├─┬ 101@1.5.0
      │ ├── clone@1.0.2
      │ ├─┬ deep-eql@0.1.3
      │ │ └── type-detect@0.1.1
      │ └── keypather@1.10.2
      ├─┬ is-integer@1.0.6
      │ └─┬ is-finite@1.0.1
      │   └── number-is-nan@1.0.0
      └── is-positive@3.1.0
    

    Eh... Not so much? Huh. How much code is it, anyway?

    jb@syno:~/tmp $ cloc node_modules --exclude-dir test
         102 text files.
         100 unique files.                              
          30 files ignored.
    
    http://cloc.sourceforge.net v 1.64  T=0.27 s (282.0 files/s, 13966.0 lines/s)
    -------------------------------------------------------------------------------
    Language                     files          blank        comment           code
    -------------------------------------------------------------------------------
    Javascript                      59            325            715           1750
    JSON                            10              0              0            731
    HTML                             2             15              0            155
    YAML                             4              2              0             21
    -------------------------------------------------------------------------------
    SUM:                            75            342            715           2657
    -------------------------------------------------------------------------------
    

    Ah, 1750 lines, most of which without any tests? I think I'll go with @RaceProUK's approach here.


  • I survived the hour long Uno hand

    @calmh said:

    is-positive-integer

    That interests me. I looked it up on npm and clicked through to github:

    WTF?!

    var passAll = require('101/pass-all')
    var isPositive = require('is-positive')
    var isInteger = require('is-integer')
    
    module.exports = passAll(isPositive, isInteger)
    

    He does have tests though. I don't know why it didn't show up for you. Literally this whole module is just composition of other modules. And as you showed, that dependency chain goes deeper than expected: he's bringing in a library called 101 just so he doesn't have to write && .

    101/pass-all looks like:

    /**
     * @module 101/pass-all
     */
    
    var isFunction = require('./is-function');
    var and = require('./and');
    var apply = require('./apply');
    
    /**
     * Muxes arguments across many functions and &&'s the results
     * @function module:101/pass-all
     * @param {function} funcs... - functions which return a boolean
     * @return {function} function which accepts args which it applies to funcs and &&s the results
     */
    module.exports = passAll;
    
    function passAll (/* funcs */) {
      var funcs = Array.prototype.slice.call(arguments);
      if (!funcs.every(isFunction)) {
        throw new TypeError('all funcs should be functions');
      }
      return function (/* arguments */) {
        return funcs.map(apply(this, arguments)).reduce(and);
      };
    }
    

    so that relies on a function called and, which looks like:

    /**
     * @module 101/and
     */
    
    /**
     * Functional version of &&
     * @function module:101/and
     * @param {*} a - any value
     * @param {*} b - any value
     * @return {*} a && b
     */
    module.exports = and;
    
    function and (a, b) {
      return a && b;
    }
    

    LITERALLY. LITERALLY && WTF.

    isFunction?

    /**
     * @module 101/is-function
     */
    
    /**
     * Functional version of val typeof 'function'
     * @function module:101/is-function
     * @param {*} val - value checked to be a function
     * @return {boolean} Whether the value is a function or not
     */
    module.exports = isFunction;
    
    function isFunction (v) {
      return typeof v === 'function';
    }
    

    101 excels in making one-liners into 15 line external dependencies.



  • @calmh said:

    node_modules/is-positive-integer
    ├── is-positive@3.1.0

    Does this mean that the code to check whether a number is above 0 has gone through so many revisions that's it's now on its third major version?


  • BINNED

    @Yamikuronue We should open an issue on his GitHub. The only contents of the report should be:



  • @Yamikuronue Are you sure it's not satire?


  • I survived the hour long Uno hand

    @coldandtired said:

    Does this mean that the code to check whether a number is above 0 has gone through so many revisions that's it's now on its third major version?

    Yes.

    Version 1.0.0 treated 0 as positive.
    Version 2.0.0 was after a pull request that treats 0 as non-positive. This module doesn't check for negative numbers, so it doesn't care that 0 is non-negative as well.
    Version 3.0.0 will coerce a string to a number to check it as well.
    Version 3.1.0 changes the tests to use ES6.
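The version history above is really a list of semantic decisions: is 0 positive, and are strings coerced. Here is an added example (not the is-positive-integer module's or 101's own code) that writes the check inline with those edge cases spelled out, beside a coercing variant standing in for the string-coercing behaviour the thread attributes to is-positive 3.x. The exact logic of the real modules is not reproduced; the coercing variant is an assumption, included to show what coercion lets through when the function is used to validate input.

```javascript
// Added example, not the is-positive-integer module's or 101's own code.
// The check written inline, with its edge cases listed, beside a variant
// that coerces strings the way the thread says is-positive 3.x does. The
// exact semantics of the real modules are not reproduced; the coercing
// variant is an assumption, included to show why coercion in a validator
// accepts inputs you did not intend.

// Strict: a primitive number that is a finite integer greater than zero.
function isPositiveIntegerStrict(v) {
  return typeof v === 'number' && Number.isInteger(v) && v > 0;
}

// Coercing: whatever Number() can turn into a positive integer passes.
function isPositiveIntegerCoercing(v) {
  const n = Number(v);
  return Number.isInteger(n) && n > 0;
}

// The 101/pass-all idea written inline: && over a list of predicates.
function passAll(...preds) {
  return (...args) => preds.every(p => p(...args));
}

const isPositiveIntegerComposed = passAll(
  v => typeof v === 'number' && v > 0,
  v => Number.isInteger(v)
);

// Constructed edge cases: [input, strict result, coercing result].
const CASES = [
  [5, true, true],
  [0, false, false],
  [-3, false, false],
  [2.5, false, false],
  [NaN, false, false],
  [Infinity, false, false],
  [1e21, true, true],          // an "integer" well past Number.MAX_SAFE_INTEGER
  [true, false, true],         // Number(true) === 1
  ['7', false, true],
  [' 7 ', false, true],        // Number() trims whitespace
  ['1e3', false, true],        // exponent notation
  ['0x10', false, true],       // hex literal
  ['', false, false],          // Number('') === 0
  [[], false, false],          // Number([]) === 0
  [[8], false, true],          // Number([8]) === 8
  [null, false, false],        // Number(null) === 0
  [undefined, false, false],   // Number(undefined) is NaN
];

// Returns the inputs whose observed results differ from the table above.
function mismatches() {
  const bad = [];
  for (const [input, strict, coercing] of CASES) {
    if (isPositiveIntegerStrict(input) !== strict) bad.push(['strict', input]);
    if (isPositiveIntegerComposed(input) !== strict) bad.push(['composed', input]);
    if (isPositiveIntegerCoercing(input) !== coercing) bad.push(['coercing', input]);
  }
  return bad;
}

// Inputs the coercing variant accepts and the strict one rejects.
function coercionOnlyAccepts() {
  return CASES.filter(([, strict, coercing]) => coercing && !strict).map(([input]) => input);
}
```

For validating untrusted input (a query parameter, a JSON field) the strict form is the one to use, converting explicitly beforehand if the value arrives as a string; add Number.isSafeInteger where the value will be used as an index or a count, since 1e21 passes Number.isInteger.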


  • ♿ (Parody)

    @anonymous234 Yeah, as she dug into it, it sounded like people having fun doing something silly. Though I suppose there might be a serious purpose involved in turning operators into functions. Rewriting lisp or something.

    Heh...serious.


  • FoxDev

    @coldandtired

    One atom said to another atom "OMG! i think i just lost an electron!"
    The other atom replied "Are you sure?"
    "YES! I'M POSITIVE!"



  • @Yamikuronue Yeah there are a few more tests than my find shows up. The whole thing is still a fucking farce though.



  • I don't use NPM, but it seems the team that operates NPM should never accept a "change of ownership" request without consent from the original owner.

    It sounds pretty easy to register a company with the name of a common plugin and then use it to file a "trademark violation takedown request" (instead of the word "patent" in the message) to gain ownership of the module, and replace some malicious code in it.

    They have much more to think about other than the "policy of un-publishing".


  • I survived the hour long Uno hand

    @anonymous234 said:

    Are you sure it's not satire?

    Never :)

    But 101 has a number of things depending on it:

    [screenshot: npm dependents list for 101]

    I don't like seeing express there, that's a major backend framework for making websites.

    Also:

    31,328 downloads in the last month
    15 open issues on GitHub


  • FoxDev

    @lucas1 said:

    Because you can read them and judge for yourself.

    So you're going to do that for all your dependencies, and your dependencies' dependencies, and your dependencies' dependencies' dependencies, and your dependencies' dependencies' dependencies' dependencies, and your dependencies' dependencies' dependencies' dependencies' dependencies, and... and... and...



  • @anonymous234 hmm, i suppose, if he published a new minor version.

    But that's a problem with any external code. Ultimately, you have to trust the vendor wont try to screw you.



  • @RaceProUK

    If it is a popular library with decent tests that you can run yourself, I would wager it is okay. The approach isn't perfect, but like anything you gotta use your best judgement.


  • I survived the hour long Uno hand

    @cartman82 said:

    But that's a problem with any external code. Ultimately, you have to trust the vendor wont try to screw you.

    Oh yeah, that's the other problem: Widespread breakage of semVer plus NPM's default behavior being to allow fuzzy versioning. Suddenly you deploy to QA and it installs a newer version of, say, PhantomJS, and everything breaks for no good reason.
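The "fuzzy versioning" default is the caret range npm writes into package.json on save, so what gets installed depends on what has been published since. The following is an added example, not from the thread and not the semver package's code: a minimal resolver for the three range forms in question (exact, ~, ^) run over a constructed publish history, to show which version each form picks up. The version list is invented; it describes no real package, and prerelease tags are not handled.

```javascript
// Added example, not from the thread and not the semver package's code: a
// minimal resolver for exact, tilde and caret ranges, used to show which
// published version each dependency line actually installs. PUBLISHED is a
// constructed history for a hypothetical package; prerelease tags, build
// metadata and x-ranges are not handled.

function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error('unsupported version: ' + v);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// [lower inclusive, upper exclusive]; upper null means an exact pin.
function bounds(range) {
  const op = range[0] === '^' || range[0] === '~' ? range[0] : '';
  const base = parse(op ? range.slice(1) : range);
  if (op === '') return [base, null];
  const [major, minor, patch] = base;
  if (op === '~') return [base, [major, minor + 1, 0]];
  // caret: free to move up to the next change of the leftmost non-zero part
  if (major > 0) return [base, [major + 1, 0, 0]];
  if (minor > 0) return [base, [0, minor + 1, 0]];
  return [base, [0, minor, patch + 1]];
}

function satisfies(version, range) {
  const v = parse(version);
  const [lo, hi] = bounds(range);
  if (hi === null) return cmp(v, lo) === 0;
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Highest published version inside the range, which is what npm installs.
function resolve(range, published) {
  const ok = published.filter(v => satisfies(v, range)).sort((a, b) => cmp(parse(a), parse(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// Constructed history. Suppose 1.3.0 broke something it should not have:
// every fresh install on the caret default moves to it, an exact pin does not.
const PUBLISHED = ['1.2.0', '1.2.3', '1.2.4', '1.3.0', '2.0.0', '0.4.2', '0.5.0', '0.0.3', '0.0.4'];

function demo() {
  return {
    caret: resolve('^1.2.3', PUBLISHED),         // 1.3.0, the npm install --save default
    tilde: resolve('~1.2.3', PUBLISHED),         // 1.2.4, patch releases only
    exact: resolve('1.2.3', PUBLISHED),          // 1.2.3, what --save-exact gives
    caretZero: resolve('^0.4.2', PUBLISHED),     // 0.4.2, ^0.x stays within the minor
    caretZeroZero: resolve('^0.0.3', PUBLISHED), // 0.0.3, ^0.0.x is effectively a pin
  };
}
```

Every one of those ranges is "correct" only if the package's maintainers follow semver, which is exactly the assumption the post above says is widely broken. The mitigation in 2016 terms was npm shrinkwrap or save-exact; the general point is that what QA installs should be recorded, not recomputed from the registry at deploy time.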


  • FoxDev

    @lucas1 But what if there's a bug in the module you're using to test if an integer's positive? How are you going to fix that? You can't change your local copy, as it'll be overwritten next time you update the module. Plus when you deploy elsewhere, your fix won't be there. I suppose you could issue a PR, but what if the module maintainer has been hit by a bus? What if they don't accept your PR? You could fork the module, but now you're having to maintain it yourself. Or what if the module is pulled from npm's repo? What are you going to replace it with?



  • @RaceProUK Clearly the answer is to include multiple positive integer checking libraries and one to return the "best" result.


  • FoxDev

    One Module to call them all, One Module to test them,
    One Module to bring them all and in the darkness require them



  • @cartman82 said:

    But that's a problem with any external code. Ultimately, you have to trust the vendor wont try to screw you.

    The issue here is that in other languages you generally use less than a dozen "big" libraries, whereas Javascript people seem to be willing to use 200 tiny external modules from random people. This greatly multiplies the chances of getting screwed up by any of them.

    (In that particular case though, the library could run with reduced permissions, which would be nice)


  • area_pol

    That is a symptom of the major flaw of JS - lack of a good standard library, especially in the area of collections and classes. Hopefully they are fixing this in ES6. The contrast is especially visible since I usually work with Python, Java/Scala, C++, where you rarely ever need to leave the standard library.

    JS also lacks big libraries which provide some area of functionality in a consistent and designed manner. Let's take Python's numpy which provides most numeric operations you are likely to need, all sharing the same data structures and API design.
    If that was divided among 10 modules, it would be hard to use them together and find the needed functions.

    I have seen opinions praising the Node ecosystem for having lots of small modules, but I cannot see the appeal. For each feature you need you would have to research and compare existing modules. The smaller the modules the more decisions, and decisions require effort, which would be better spent implementing the thing you want to implement. The best standard library is the one you don't need to think about (like Python's built-in data structures).



  • @RaceProUK

    I used to have my own set of diffs for boostrap 2.3.2 to add in fallbacks for transition for browsers that didn't support it.



  • I wrote a function to do padding in Nodejs and it took me all of thirty seconds. It never even occurred to me to check npm and see if someone else had a library for that. Searching and downloading would take longer than just writing it myself.



  • @lucas1 said:

    @RaceProUK

    boostrap

    :headdesk:

    I have a project that uses boostrap 3.0.0, and it includes over 30 libraries.

    By picking the libraries one by one, I'm able to reduce the count to about 10, with 5 of them in the masterpage and the others dynamically loaded on need. The other 20+ libraries are just of no use to me.


  • Discourse touched me in a no-no place

    @lucas1 said:

    boostrap

    The unholy offspring of boost's metatemplate programming and bootstrap's CSS hackery? :evil_evil_evil_run_away:



  • @Yamikuronue said:

    function isFunction (v) {
    return typeof v === 'function';
    }

    This actually makes sense, as you don't want to mistype "functoin" and make a silent hard-to-find bug.

    But yes, this entire thing is just a functional programming circle-jerk. Which is fine as a style to use in the end user code. But NOT in a library, like this.

    Look at lodash. Provides plenty of high level functionality, but as you dig into their code, it's all for-s and simple pedestrian code. Because that's how you write a library in javascript.



  • @cartman82 for loops (written correctly) can be up to 8 times faster, suspect that is the real reason.


  • FoxDev

    @cartman82 And the best thing about lodash? This is the list of dependencies:

    Yep, that's right: there are none!


  • ♿ (Parody)

    @hungrier said:

    Clearly the answer is to include multiple positive integer checking libraries and one to return the "best" result.

    Time for a positive integer checking showdown!


    Filed Under: Nobody checks integers like this!



  • I have never been so happy to work (mostly) in the .net ecosystem. Where the whole "building software by just plugging badly-made open source legos together" attitude just doesn't exist.

