11

Every fucking time I install a new npm package

npm WARN deprecated core-js@2.5.7: core-js@<3.0 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
npm WARN deprecated fsevents@1.2.9: One of your dependencies needs to upgrade to fsevents v2: 1) Proper nodejs v10+ support 2) No more fetching binaries from AWS, smaller package size
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/...
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated domelementtype@1.3.0: update to domelementtype@1.3.1
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated flatten@1.0.2: I wrote this module a very long time ago; you should use something else.

Comments
  • 6
    You’re using deprecated packages, it wants you to actually spend time updating dependencies. What an ass right?
  • 7
    No, the package I am installing is using deprecated dependencies
  • 2
    @ReverendLovejoy which means you’re using deprecated packages... still an action you’re taking
  • 8
    @Plasticnova no. Packages require specific versions of other packages. For the case of core-js: some package specified it needs ^2.0.0, there you go, warn on installing it.

    The whole idea of packaging only works if we stop bumping major versions every day or actually maintain shit.

    If I published a package it's one of my responsibilities to keep an eye on its dependencies.

    For me this is a nice example of the things wrong with open source: just because you can publish your shit doesn't mean you need to publish your shit. De facto standards rise every second day and it's unnerving.
  • 0
    @nitwhiz you using shitty dependencies is the problem
  • 7
    @Plasticnova then tell me which vue, react and/or webpack I should use then.

    Of course me using the internet is the problem of me being annoyed by stuff happening on the internet.
  • 1
    @nitwhiz how about neither, is that so crazy to consider?
  • 1
  • 1
    @nitwhiz that’s terrible
  • 6
    @Plasticnova It's not just about the dependencies of the package you are using. It's also about the dependencies of the dependencies of the dependencies of some fucking GIGABYTES of other dependencies that depend on NO-FUCKING-BODY has any idea what anymore. That's the NPM ecosystem in a nutshell.

    And then see the leftpad disaster where some totally trivial string leftpadding someliner was unpublished, and shit stopped working left and right all over the world.

    This is what happens when you combine open source with packaging, but have clueless noobs in charge of the whole shitshow who haven't even heard the words "configuration management" just once in their lifetime.
  • 3
    @Fast-Nop but the argument still stands, don’t use those types of dependencies. Or if you do, be prepared to deal with bullshit. Sometimes you need quick and dirty prototypes, I get that, but these massive and dependency heavy solutions are such a headache. Sometimes it’s better to just move on and change your techniques
  • 1
    @nitwhiz Vue, React and Webpack are all huge. Just don't use them. The only way a package management system can work without suffocating in deprecated packages included for a feature you don't need is with the Unix principle. And the Unix principle prohibits the use of all-around frameworks for this very good reason.

    I hope that real developers can implement design patterns and loosely coupled modules on their own so there's no reason to include anything apart from very specific packages for very specific jobs.
  • 1
    @Plasticnova You don't control what NEW dependencies the packages you are using, or their dependencies, introduce along with security bugfixes.

    The only sane solution for that problem is probably not to use NPM.
  • 0
    @Fast-Nop using packages with fewer nested dependencies is a good place to start. Sometimes going back to the basics is the best solution. I like npm, what you choose to install via npm is completely up to you.
  • 4
    @Plasticnova your advice is terrible and adds nothing of value.
  • 3
    Yup. Walking away now.
  • 1
    @magicMirror Guilty of it but I'm saving.
  • 0
    @Plasticnova True, NPM isn't bad if you don't use complex third party dependencies. Then it's superfluous instead.
  • 2
    What's life without risks? All my dependencies are deprecated
  • 1
    NPM simply shouldn't allow devs to publish anything supporting EOL NodeJS versions or having such dependencies, and various "free for OSS" services should only offer EOL runtimes on enterprise plans. It would either force devs to keep their shit up to date and remove useless dependencies (like 100+ versions of promisify or core.js), or force other devs to stop using those packages as their dependencies.
  • 1
    https://reddit.com/r/programming/...

    is-odd (almost one-liner "library")

    nanomatch

    ...

    micromatch

    webpack, babel/core, ts-loader...

    btw: check is-number package 😂