21
Root
6y

`npx create-react-app blah`
`cdls blah && npm audit`

63 vulnerabilities.
good fucking job.

To be fair, they're all minor, but they're all *exactly* the same, caused by the same freaking package. Update your dependencies already!

------

`npm i --save formik && npm audit`
68 vulnerabilities, three of them critical.

ugh.

Comments
  • 6
    Every time I want to give node a try, something like this reminds me why I don’t bother.

    Node is based on the principal of sharing, but if the shared resources are not maintained the entire project can come falling down.

    Pros and cons of dependency hell 😔
  • 9
    @C0D4 Yeah, lazy people use garbage, write garbage, and share garbage. Non-lazy people tend to get roped into using sub-dependency garbage, therefore creating more garbage. Ergo, npm is garbage.

    There are significantly more lazy people than not, and with npm's mentality of "reuse, don't rewrite" ... exponential garbage.
  • 4
    Laughed out loud at "not particularly majestic", borrowing for future use

    Also, I recently was forced to do some JS work and saw the Node ecosystem in its full glory for the first time (never used it before this, used to write vanilla JS and manually link libraries).

    Yeah, dependency hell is real.
  • 2
    I know, i much prefer the option of not knowing about vulnerabilities and definitely like it when my package manager does not mention such crucial details.
  • 0
    most of the vulnerabilites can be easily fixed with little effort though
  • 1
    @gamblet But the vulnerabilities aren't in my code, and some are breaking changes. That's how you get code diversion.

    I could submit pull requests to fix them.
Add Comment