11

Every fucking time I install a new npm package

npm WARN deprecated core-js@2.5.7: core-js@<3.0 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
npm WARN deprecated fsevents@1.2.9: One of your dependencies needs to upgrade to fsevents v2: 1) Proper nodejs v10+ support 2) No more fetching binaries from AWS, smaller package size
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/...
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated domelementtype@1.3.0: update to domelementtype@1.3.1
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated flatten@1.0.2: I wrote this module a very long time ago; you should use something else.

Comments
  • 6
    You’re using deprecated packages, it wants you to actually spend time updating dependencies. What an ass right?
  • 8
    No, the package I am installing is using deprecated dependencies
  • 2
    @ReverendLovejoy which means you’re using deprecated packages... still an action you’re taking
  • 8
    @Plasticnova no. Packages require specific versions of other packages. For the case of core-js: some package specified it needs ^2.0.0, there you go, warn on installing it.

    The whole idea of packaging only works if we stop to bump major versions every day or actually maintain shit.

    If I published a package it's one of my responsibilities to keep an eye on it's dependencies.

    For me this is a nice example of the things wrong with open source: just because you can publish your shit doesn't mean you need to publish your shit. De facto standards rise every second day and it's unnerving.
  • 0
    @nitwhiz you using shitty dependencies is the problem
  • 8
    @Plasticnova then tell me which vue, react and/or webpack I should use then.

    Of course me using the internet is the problem of me being annoyed by stuff happening on the internet.
  • 1
    @nitwhiz how about neither, is that so crazy to consider?
  • 1
  • 1
    @nitwhiz that’s terrible
  • 6
    @Plasticnova It's not just about the dependencies of the package you are using. It's also about the dependencies of the dependencies of the dependencies of some fucking GIGABYTES of other dependencies that depend on NO-FUCKING-BODY has any idea what anymore. That's the NPM ecosystem in a nutshell.

    And then see the leftpad disaster where some totally trivial string leftpadding someliner was unpublished, and shit stopped working left and right all over the world.

    This is what happens when you combine open source with packaging, but have clueless noobs in charge of the whole shitshow who havn't even heard the words "configuration management" just once in their lifetime.
  • 3
    @Fast-Nop but the argument still stands, don’t use those types of dependencies. Or if you do, be prepared to deal with bullshit. Sometimes you need quick and dirty prototypes, I get that, but these massive and dependency heavy solutions are such a headache. Sometimes it’s better to just move on and change your techniques
  • 1
    @nitwhiz Vue, React and Webpack are all huge. Just don't use them. The only way a package management system can work without suffocating in deprecated packages included for a feature you don't need is with the Unix principle. And the Unix principle prohibits the use of all-around frameworks for this very good reason.

    I hope that real developers can implement design patterns and loosely coupled modules on their own so there's no reason to include anything apart from very specific packages for very specific jobs.
  • 1
    @Plasticnova Yuu don't control what NEW dependencies the packages you are using, or their dependencies, introduce along with security bugfixes.

    The only sane solution for that problem is probably not to use NPM.
  • 0
    @Fast-Nop using packages with fewer nested dependencies is a good place to start. Sometimes going back to the basics is the best solution. I like npm, what you choose to install via npm is completely up to you.
  • 4
    @Plasticnova your advice is terrible and add nothing of value.
  • 3
    Yup. walking away now.
  • 1
    @magicMirror Guilty of it but I'm saving.
  • 0
    @Plasticnova True, NPM isn't bad if you don't use complex third party dependencies. Then it's superfluous instead.
  • 3
    What's life without risks? all my dependencies are deprecated
  • 1
    NPM simply shouldn't allow devs to publish anything supporting EOL NodeJS versions or having such dependencies, and various "free for OSS" services should only offer EOL runtimes on enterprise plans. It would either force devs to keep their shit up to date and remove useless dependencies (like 100+ versions of promisify or core.js), or force other devs to stop using those packages as their dependencies.
  • 1
    https://reddit.com/r/programming/...

    is-odd (almost one-liner "library")

    nanomatch

    ...

    micromatch

    webpack, babel/core, ts-loader...

    btw: check is-number package 😂
Add Comment