Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
C0D4669446yEvery time I want to give node a try, something like this reminds me why I don’t bother.
Node is based on the principal of sharing, but if the shared resources are not maintained the entire project can come falling down.
Pros and cons of dependency hell 😔 -
Root797346y@C0D4 Yeah, lazy people use garbage, write garbage, and share garbage. Non-lazy people tend to get roped into using sub-dependency garbage, therefore creating more garbage. Ergo, npm is garbage.
There are significantly more lazy people than not, and with npm's mentality of "reuse, don't rewrite" ... exponential garbage. -
Laughed out loud at "not particularly majestic", borrowing for future use
Also, I recently was forced to do some JS work and saw the Node ecosystem in its full glory for the first time (never used it before this, used to write vanilla JS and manually link libraries).
Yeah, dependency hell is real. -
I know, i much prefer the option of not knowing about vulnerabilities and definitely like it when my package manager does not mention such crucial details.
-
Root797346y@gamblet But the vulnerabilities aren't in my code, and some are breaking changes. That's how you get code diversion.
I could submit pull requests to fix them.
Related Rants
`npx create-react-app blah`
`cdls blah && npm audit`
63 vulnerabilities.
good fucking job.
To be fair, they're all minor, but they're all *exactly* the same, caused by the same freaking package. Update your dependencies already!
------
`npm i --save formik && npm audit`
68 vulnerabilities, three of them critical.
ugh.
rant
dated dependencies
npm
not particularly majestic
react
smh
formik