21
cursee
2y

TL;DR: A repo with 38837+ stargazers thought it was cool to design snow on top of their UI buttons, and also changed their titles to “Ho ho ho”. It received "This is not good for production!!!" issue tickets.

People from /r/programming or devs from China or React devs might know this story by now.

Story : http://blog.shunliang.io/frontend/...

Lesson of the story: Do not go to crazy extents for cool things in your product.

Comments
  • 4
    hehehehe it is funny though
  • 3
  • 11
    This is why you version lock, and update manually. Also it’s a perfectly good example of 3rd-party libraries' ability to do whatever they want to their code base without your knowledge, for good or evil.
  • 1
    @C0D4 this absolutely isn't why you version lock and upgrade manually... It wouldn't help at all here
  • 1
    @willol how do you figure that?
    If you're on a previous version (for this example) you won’t be affected by this bullshit, same goes for other repos.

    It takes 1 second to produce a broken code base. With these libraries being used so much in the sense of NodeJs you can ultimately take down thousands of applications.
  • 2
    @C0D4 last update for Font Awesome for example removed support for IE11. Took me a bit to find the culprit.
  • 4
    The thing is the end users shouldn't have to worry about such things. End users here meant the developers using the library.

    - Imagine you cannot rely on the rice packages selling on the market, your vege vendors, your meat sellers nor any restaurants or fast food shops.

    - Imagine that you have to grow your own rice/wheat field, vegetables, grow fishes and chickens and cows and stuff.

    - Imagine that if you decided to rely on someone else for something, they might have peed on the fields, shit on the veges and cum on the meats.

    I wanna live in a world where I can trust others :3
  • 2
    @cursee I have nothing against the reuse of packages. I think it’s great. But I think precaution should be used instead of trusting blindly, after all not all devs are trustworthy.
  • 2
    @C0D4 I think there are a lot of people out there who have no idea what "configuration management" even is.