Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuck
Buy Now
-
Modern web development is fucked. Just absolutely, totally screwed up.
I want to create a simple to do list web app. Look for a tutorial: "OK guys, this is really easy, it just takes five minutes."
First step, install these:
- Git
- NPM
- NodeJS
- Express
- MongoDB
- Docker
- React
Second step, npm install about one million modules. Don't question what they do or why they're there.
Before you know it, six hours have passed and you've got a code base of 3GB and you haven't even _started_ on your app.
FUCK that shit! I can create this web app with Internet Explorer and Notepad.47 -
I believe by the time Elon Musk sets up a colony on Mars, npm will be done installing those fucking dependencies.10
-
Company: "We'd like to use SQL Server Enterprise" MS: "That'll be a quarter million dollars + $20K/month" Company: "Ok!" ... Company: "We'd like to use Babel" Babel: "Ok! npm i babel --save" Company: "Cool" Babel: "Would you like to help contribute financially?" Company: "lol no"3
-
I just hate npm dependencies.
If you want to write a small website with npm dependencies (some frontend deps like Bootstrap and some development deps like gulp or babel) you will have more npm dependencies in your project than own code. It is ridiculous, how some lazy developers just add dependencies to their projects, without evaluating their dependencies. The source code of one of my projects is around 4MB (without any dependencies). If you then run yarn as required, it grows to around 80MB (where 73MB are node_modules).
This is just terrible.
I rant about this, as I made the mistake to upload my node_modules directories when restoring a backup of my server. Worst idea one could ever have.
9 -
So pm2 (a node process manager package on npm) just caused thousands of CI builds to fail because of an "optionalDependency" on a package called gkt which is requested as a tarball from a server that was returning 503. That package consists of one file which contains this
19 -
Just released my JS devRant API wrapper. It has support for posting, viewing, voting and much more. If you are interested here is the NPM package:
https://npmjs.com/package/...
11 -
A quick note about node.js security.
Decompiled Discord, a widely used chat app. Found 5 vulnerabilities (that are now reported.) Why? Severely outdated dependencies.
Cloned Mattermost, a business communication app like Slack, but open source, and (from their site) the Department of Defense uses it. Found 10 vulnerabilities (that are now reported.) Why? Severely outdated dependencies.
I get that some versions conflict, and in a fast moving enviroment, that is a huge risk - but update your damn dependencies.14 -
I just released a package that lets you use Fluent Design's Acrylic material in react if anyone is interested 🙂 I love this effects, looks really cool if you ask me 😃
https://npmjs.com/package/...
12 -
Pure evil and geniusness, this is a must read for JavaScript developers and security enthusiasts !
https://hackernoon.com/im-harvestin...
10 -
Me annoying our dev:
Me: “Is your npm watch running?”
Him: “Yes!”
Me: “You better go catch it then... 🤣”
Him: “....”
I think we gatta let him go :(5 -
Have you always been missing ads in CLI applications? Have you been wondering how to bring such modern browsing experience to CLI? NPM has solved this problem, it has CLI ads now!
https://github.com/standard/...
However, the are already people who spoil this great new experience with CLI ad blockers:
https://github.com/kethinov/...28 -
I just saw
`git add . --all&&git commit -m update&&git push`
as a npm script hook m) I don't even care, just surprised it wasn't named yolo.2 -
Laziest thing!!!??? You better ask me when I was not lazy. Framework here framework there, library here library there.
npm install 29282818 packages
Bye -
I've been working on updates to a react app for a few hours today. Everything's been peachy except this shit job, this inane change demand list, my headache, my lack of quiet places to work, ... okay, so basically everything is terrible. But I've done lots of builds, and made lots of progress.
Then suddenly: my build script failed. 30 seconds after a successful build, with no (tooling) changes in between.
Reason? Incorrect version of Sass.
How? Fucking npm.
Isn't package-lock.json supposed to prevent this crap?
FAKDLKAUSUK.14 -
$ npm audit
> found 19 vulnerabilities (10 low, 5 moderate, 3 high, 1 critical)
$ npm audit fix
> fixed 0 of 19 vulnerabilities in 11987 scanned packages
> (use `npm audit fix --force` to install breaking changes; or do it by hand)
$ npm audit fix --force
> npm WARN using --force I sure hope you know what you are doing.
Me too, buddy. Me too.1 -
Downloaded a Hello World template for a HTML/hybrid mobile app... My node_modules folder has a backup of The Internet now...4
-
Fuck npm and the whole npm community!
Seriously, what a piece of completely uncontrolled cat litter!
First experience was getting malware from an npm package which I ranted about a while ago. That it can even happen is beyond my imagination.
Second experience was today when our app broke because a fucker who wrote a library doesn't understand semantic versioning.
If you're gonna publish an npm library, please do the whole fucking world a favour and learn how to version your shit correctly, so my app doesn't break! If you do BREAKING CHANGES don't change the fucking last version number you filthy piece of garbage!
Phew, that felt good 😧3 -
Really, I hate this composer / bower / npm shitholes!
Why the hell is my app 300MBs?!? Because that shitty pudding composer decided to download the ENTIRE git including README.md, examples, 5 hours of assembly-giraffe porn, my granny's pajamas and two wraps of kebabs!
How hard is it to define the folder that contains the REQUIRED library so that our project might stay at 5MBs instead of 300?18 -
A moment of silence for the javascript devs downloading a 13MB of this guy along with their babel transpiler.
5 -
Hey look, npm broke my project again. Surprise!
Code and dependencies on my local machine, all untouched for a couple of weeks, no longer works. I've no idea how it even managed that.
Oh, and `npm update` crashes.
eventually solved by upgrading npm and running `npm update --depth 500` because some arbitrary child dependencies changed without updating the parent packages, ofc. on my local machine. without me having run `npm update` for about a month.
because of course that makes sense.
Second time in two months, too.
isn't npm great?4 -
Fuck, I just lost a node module name.
A few days ago I had an idea for a node module, checked npm to see if the name was taken and it was not. Today I was going to publish it and found out someone registered it 2 days ago.
Now I'll have to think of another name or publish it under my username...9 -
Oh yes, I very much like you, Mr. 1337-DevPro-Ultra-Haxxor. Thank you for using a boilerplate from github, that is bloated like some random female pr0nstar after an orgy. Oh and it is also very funky of you, that the setup scripts and tasks only work on Apple OSX, because using a simple gulpfile with 3 npm dependencies and 5 lines of code would not be trendy enough.
Some JS "devs" should be punished by drowning in their own feces aka a mix of bower, yarn, npm, brew and the crusty stuff that is left behind after running it.3 -
Why the hell would I apply for a job as a JS developer when you can't even write proper JS? You're advertising on fucking NPM!
18 -
When I Install An NPM Package .........
1.Runned The Install...
2.Watched the Progress Bar For 2secs
3.Got Bored, Opened Chrome for some entertaining content ( ͡° ͜ʖ ͡°)
4.Rechecked the Install after 20mins still 15%
5.Did take a break, ate something
6.Rechecked still 27%
7.Watched a little while the progress bar until I saw the Fatality.
CMD Has Stopped Working...9 -
the evolution of a js dev:
solve a problem with somebody else’s code
solve a problem with your own code
solve a problem with npm install4 -
I'm starting to hate js. Every library needs atleast 1000 other libs. I just blew the node_modules folder to 100mb with just one npm require21
-
"In fact, 97% of the code in a modern web application comes from npm. An individual developer is responsible only for the final 3% that makes their application unique and useful."
😄 3%? haha
npm report 2018
https://blog.npmjs.org/post/...14 -
I was so proud of my recent tiny little node script that I published it on npm.
I really just kinda wanted to learn how npm worked. I don't expect anyone to find any use from this.
I wrote the README in a sarcastic tone if anyone is interested in reading that
https://npmjs.com/package/...
5 -
-- So you like npm? Upgrade to version 5 to use its sweet features!
OK. Let's run `npm install npm@5`. Erm, my npm is now a broken mess, not finding `semver`.
-- Well, since you like npm you also will like yarn! It's just facebook's npm. So run `npm install yarn -g`
Yeah, but I wanted `npm@5` not `yarn`.
-- Then just run `yarn global add npm@5`. You then have npm@5.
(╯°□°)╯︵ ┻━┻
And yes, that works.5 -
It's truly amazing how much a single line of perl can do. Such a time saver.
I only wish that I could understand what it does two days later.1 -
The day a noob in the Web Development world starts becoming a Wizard, is the day they start to use Node and love it
👑🎩💻👨💻👩💻11 -
Hired a designer below me.. guy never wrote a full back nor frontend... Used npm shit for all his solutions and worked his way above me just by kissing ass and polluting the codebase in such a way 70% would be open source shitty plugins for shit he could not do by himself code wise...
At some point he assigned some of his tasks to me and I couldn't work with his patchy framework that was non existent within the codebase I worked on ...
At some point between npm installed tantrums I got pulled up to HR because my code quality dropped... And it was this fucktart that accused me of this saying I could not do modern development...
In the end I either had to butkiss after his butts or just quit, so I did the latter... I told him and HR I owned alot more code quality than this asshat but just not his way of working and therefor it was more an issue of code equality I was never aware of ...
A month after that the company got overtaken by some silicon valley bullshit company buying up competition, and he is still working within that shithole dealing with 90's tech...
Was the best thing that happened to me, after that I grew alot in skillset and such by investments from other jobs and projects... If I would still work there today I would consider myself a caveman6 -
Release management at its best:
- Github says with latest release badge: 7.0.0
- Git has tags up to version 7.0.5
- Commits talk about 7.0.17
- npm (and package.json) says 7.1.0
Thank you for breaking everything.1 -
Don't you just hate where we're going forward with these different JS frameworks and packages? WebPack, Electron and all the other ways we try to use JS for desktop development and a simple build of a tiny project taking 10 mins on an average spec core i7 machine, then overdosing on npm install since every frikn thing is now so modular you donwload a gazillion packages just to set up user authentication with a simple route manager in your app.
JavaScript is fine really for certain purposes. It's these other frameworks that try to modularize every single aspect of it that sucks. If there's anything called too modular, JS has reached it now. over-modularizing, and over-complicating everyday trivial tasks just to introduce yet another frikn package or framework.
Really missing the good'ol monolithic days of programming. I mean, modular is fine bro, but for godsakes draw the line somewhere!
#NoMoreOneLineModules3 -
Found an article on medium, which does make one think about the security of fetching things from npm and somebody "checking" the source on github.
“I’m harvesting credit card numbers and passwords from your site. Here’s how.” @D__Gilbertson https://hackernoon.com/im-harvestin...
6 -
"We live in an age where people install npm packages like they’re popping pain killers"
~ David Gilbertson2 -
Him: "I don't need source control, it's just another program that does unknown things on my source files. What if one day it stops working?? How do I get my files??"
Me: "you could say the same thing on 90% of the tools you use every day... Like when you restore npm packages by GUI"
him: "what are those? I don't use them"
Also him: "command line is vintage"2 -
Hit over 300 downloads on NPM! Not much, but it feels good and makes working on open source projects all the more worth it.
3 -
Got caught out with the js-beautify update today. Got to love the comments on the github issue...
https://github.com/beautify-web/...
5 -
`npx create-react-app blah`
`cdls blah && npm audit`
63 vulnerabilities.
good fucking job.
To be fair, they're all minor, but they're all *exactly* the same, caused by the same freaking package. Update your dependencies already!
------
`npm i --save formik && npm audit`
68 vulnerabilities, three of them critical.
ugh.6 -
I feel like the web frontend landscape has gone to hell...
It used to be a priority to develop lean front end applications that load fast and work the same on most devices. If resources are required you try to share them. I have always liked the way this was solved using CDN.
Proper workflow: include some small libs you might need, script your interactions, test site, deliver.
And now our friends of the Javascript community have discovered the nuclear science called npm... It started off as this great benefit allowing frontenders to complete entire projects in the language they know and love but I feel like it has grown into an abomination that produces bulky applications with more boilerplate configuration than actual active code...
Surely I can't be the only one who is completely fed up with the direction this is going? Is anyone else looking for a lean way of developing javascript again using only a couple of small libs instead of those monstrous frameworks.
I have even considered to develop a library that makes it easy to develop with CDN (and dependencies) in mind but I don't even know if it will be worth it as more and more people tend to move away from it.
I'm sad11 -
$ npm install ...
$ added 10 packages from 7 contributors and audited 21813 packages.
I realized that after some point you don't even think about your project dependencies growing. Because even adding 10 packages, it looks like it doesn't even changes the total number of packages. 21813, 21920, 21980... Does it even matter? Fuck.7 -
const nsfw = require('nsfw');
//Now that's a sexy name for an npm package
https://www.npmjs.com/package/nsfw1 -
I know last year suddenly lots of animated login popped out.
NPM actually uses one... and it doesn’t look that good
15 -
This is the face of NPM right now.
So, Devon Govett (Parcel creator, hella lot of GitHub stars) offered to kind of standardize package.json, but faced nothing but angry NPM-CLI creator telling him that he’s a “rando from internet” and “why the fuck are you even speccing something, and why would anyone care”. No real professionally ethical discussion, no invitation to discuss things together with team, no even polite “no”.
Definitely the friendliest behavior possible, well done!
https://mobile.twitter.com/maybekat...
7 -
unpopular opinion: javascript has broken standards, and nobody corrects it. people use these frameworks and shit with 600 dependencies, then can't figure out how to update their application when things go out of date. now people are expecting you to use NPM to make a - - > static <- - website9
-
A monk challenged me to test his patience.
I opened the terminal within a sample Angular project on a T2 Micro, typed npm install and ran away.7 -
sometimes I can't understand how I got my senior web engineer position at my age.
but then I look at my fellow senior cursing about some stuff that he doesn't understand and doesn't want to understand (today it's npm) and then I feel ok again :D2 -
"How much of a dev are you, if you use other peoples work and just glue it together?" I once asked a friend who really loves npm and everything.
I know about code reuse and maintainability and all that but geez we had a long discussion..😅5 -
I like npm errors.
So i installed nodejs on termux on my android smartphone to watch npm fail, even when I take a walk.
Great times!
5 -
Earlier this day, I was about to start a new project. So I copied my favourite gulpfile.js into that projects root and installed all dependencies with npm. After running Gulp for the first time it threw an error.
Silly me tried to fix stuff and got googling the error and trying random things... After a break of a few hours I just fucking rerun Gulp and read the fucking error completely. It stood there. The fucking solution just stood there, run "npm blah --force" to reconfigure package blah....
Of course it worked right away and I finally could start working. But this shit took way too long. Why I just can't read the fucking error message. Damn1 -
Just wrote my own webpack plugin for VueJS.
In serverless application there isn't a good way to pre render a single page web application as there is no server to do this task.
What we can do is use serverside rendering with webpack to locally (or in CI) generate the static HTML markup and include them in a template file like EJS.
In that way, the client browsers would not have to wait for the initial render and the search engines will also be happy.
This feels good! Time to upload it as a npm package 😇2 -
“Overhearing powers of the Fullstack dev”
We have an internal control panel (BEEP) to manage our dev Tomcat instances. The other day, with one of my muggle friend, I was trying to restart an instance. There’s a checkbox to clean the host tmp files and directories, ingeniously named as - Purge cache.
Innocent Me (to my muggle friend): bro would Purge cache delete the application log files?
__(Fullstack dev overhearing us)__
Muggle friend: Purge ca... (gets interrupted my the Fullstack dev)
Fullstack dev: so the thing is ... it’s like ... (gotta be consistent with the opening) what “npm purge” does is it deletes the files which are not being used.
Confused Muggle friend: bro it’s a BEEP option to clean the tmp dirs.
Fullstack dev: oh I thought you guys were talking about “npm purge”
Angry muggle friend: then WHY THE FUCK did you answer if you didn’t know [...] the fuck we were talking about.
Calm fullstack dev: FYI. Might help you someday.
Deeply-hurt Me: (what the fuck is “npm purge”). Hey man do you mean “npm prune”? Because they don’t have an npm purge. And what do you mean by “it deletes the files which are not being used”?
Confident Fullstack dev: NO
Me: (cries in npm)
More to come!5 -
NPM has this cool feature called "link" which allows you to easily link local npm packages as dependencies of other local packages for developement. It's so cool in fact that everything you run npm install it deletes all your links for fuck all reason1
-
This PWA bullshit is such pain in the ass. I hate Javascript I really do, thousands of packages from npm just to make simple frontend. crazy1
-
I just need to get this out.
NPM is not the worst dependency manager. It is way beyond any word in any language that can describe the most negative thing about it.
I developed nodejs projects. I like JS, it's a great language to work with. But not NODEJS, not NPM.
I can run my app in a F* browser but not once, not a single time that nodejs and npm can run at the first time. I spend way more time to build a working environment with nodejs and npm than to build my own app.
whoever developed these two pieces of crap had brains that filled with mud. And who gave them the courage to even put it out for people to use? JS is such a good language and they have ruined it.
There are so many dependency managers out there couldn't they just take a look at how human beings do things? I mean they have never seen APT or Composer or something else that actually work?
Or they just had so much ego that they had to let other people to feel how difficult their lives are.
I don't care about how you manage the dependency and I shouldn't. You people made these crap with one purpose that chould help others to develop easily but NOOOOOO, we have to spice it up, right? You just have to make it fat and greasy, right? You just have to make it doesn't work. I bet you people just redefined the F* CONSTANT of "How to Develope a System that Doesn't Work".
I don't know if NPM genius have ever did a information collection of their system. I bet most function that has been invoked is "throw error".
The funny thing is on NPM website, they provide Enterprise Solutions.... I would sue them for fraud.18 -
What seemed like a simple task of upgrading our angular project and adding universal to it, is slowly beginning to feel like an impossible mission.
Fuck you npm, fuck windows and fuck whoever thinks javascript/typescript can be used for every god damn thing.
I fucking give up -
That time when one of the npm modules you use gets a patch that contains a breaking change. You fix your code. Then a week later the module patches again and revert the breaking change. :/
-
I like JavaScript as a language. But I hate absolutely everything around it. All of these tools just make things more difficult. Sometimes when I clone a project I want everything there. I don't want to then wait 30 minutes to download the latest version of every library used, with at least one of them always breaking something. I don't want to have to use npm or grunt or whatever. Just give me the damn thing I need not make me spend 30 minutes running round in circles! Never have these problems in any other language!
Come on WebAssembly!11 -
security fiasco due to a malicious npm package:
Because of a bitcoin miner present in event-stream npm module (https://bleepingcomputer.com/news/...), my entire team and I had to scan all our nodejs apps, repos and the most excruciating one, all node_modules folders across all our dev machines and servers, to see if event-stream and flatmap-stream is present, then not just delete it but update a bu**load of upstream dependencies which internally used event-stream. All due to one malicious package which was hidden several layers beneath.
And, this happened almost 8 months after the aforesaid vulnerability was first found.10 -
I don't remember/saw if somebody posted it in this much detail, but here's how one developer essentially showed how broken npm once again is, by just removing all his published packages, basically breaking thousands of other packages that depended on it, very interesting read, especially to understand how npm can't be relied on.
https://theregister.co.uk/2016/03/...
http://blog.npmjs.org/post/...
https://medium.com/@mproberts/...
https://arstechnica.com/information...5 -
"Your disk is almost full..." Hmmm... I can't deal with this right now - so I search for npm_modules and just delete all of those folders... 5 minutes later - trash is empty... and the disk is not almost full.1
-
Sick and fucking tired of this bullshit.
Previously worked with Laravel, used 'gulp watch' to watch for changes in assets and now they changed things for the better of Laravel Mix as a fucking wrapper for webpack. Now I have to do shit load more stuff to get gulp working, 'cause otherwise my 'npm run watch' shits itself every fucking time I run that shit, doesn't matter what fix is aplied. Battling that bullshit for 3 days now and shit's not working anyhow. Stupid fucking bullshit. Sorry, had to let it out from myself.10 -
Friend asked me how to start a node server. I gave her starter code and told her to do “npm init” then “npm install” ur modules. This is what she did
2 -
seconds into 2019
I see one incompetent fucker asking to eval in Node.js..
A FUCKING FETCH OF A NPM MODULES IN CDNJS
you know what's the reason?
node_modules
Fucking kill me unless you're some dumb bitch who uses npm modules like some braindead motherfucker who doesn't know what a number is, node_modules takes only an average of 3.6MB
Compared to RubyGems who takes 40+
Or Pip
Seriously stop this. I wanna hang myself because my 2019 put me in a shit mood1 -
So today it finally happened.
Npm modules broke my system and / or endangered the security of my system.
Installed a global cli utility
That utility depends on package A
That depends on package B
That fucking install a bin called sudo
Yeah.. You heard it right a bin called sudo.
This bin goes in the global module folder that is piped in your path variable.
Now everytime you type sudo you are running somebody else code instead of your system utility.
I am shivering and at loss of swear words.
Opened an issue on the cli that started this matrioska game of horror.
Who the fuck tought that a bin called sudo would be a good fucking idea?
Oh and yes is even an harmless package that try to provide the sudo experience for windows (I went in to check the code of course..)
And I frigging need that cli for work
For now I aliased the sudo in my bashrc still i feel vulnerable and naked now.10 -
The moment I need internet to do things (npm with angular), but the company moved to a new building and internet is screwed. It'll still take a while to set up. So now I'm sitting here, ranting on devrant and doing nothing.
My exact face and thoughts right now:
1 -
work with npm, node and angular is a totally mess, random errors every few minutes, you need to be lucky to find the right alignment of planets to make things works...cannot wait to go back to .net and vs8
-
I am learning angular. As a beginner, I feel there is too much fiddling with this thing :-( ...anyway, I guess when you are used to it and understand why everything is the way it is it becomes normal and understandable.9
-
I learned today I can "npm install" directly from a GitHub repo. This allowed me to create a React component (viewer of gLTF files) for a 3D game and share it with my team. I know I could've published it to npm registry, but I didn't want that since it's a very specific component for our project, and private npm packages are very pricy.
Hope this random !rant will be useful for someone wanting something similar. -
So I just published my first npm library
Anyway couldn't think of any other people that would know the feelings.
https://github.com/pichardoJ/...
I'd love to get your feedback4 -
Why does everything installed via npm sux so hard?
Why the fuck does any minor update in their bullshit packages either forces you to change config files:
E.g. now should be "@babel/core" instead of "babel-core" - WHAT A FUCKING SIGNIFICANT CHANGE!!! Rewrite all you configs motherfucker, that goddamn "@" in front of our shit is SO IMPORTANT that we will break everything to add it
Or breaks the code internally:
Consider the recent fail of fucking Terser [https://github.com/gatsbyjs/gatsby/...] that breaks fucking webpack and FORCE YOU TO ROLLBACK TO ANY VERSION THAT WORKS, why you nerd retards, can not run a simple dummy project BEFORE YOU RELEASE YOUR SHIT???!?!!?
Why any fucking update from *.*.1 to *.*.2 turns into hours of googling of what the fuck got broken this time??
The way that webpack, babel and other npm packages are released nowadays is absolutely retarded. I really have a strong feeling that it is better to keep old error-proof working config and NEVER UPDATE, than constantly suffer from butthurt
p.s.
Of course I am sorry for all the hate and caps in my post, and have respect for guys that develop amazing stuff for us for free, but I need to share this5 -
So I actually prefer npm to most other package managers (with the exception of go's package handling).
Like you need to look no further than to pip's hell of package management, to start appreciating how clean npm is.
***Shots fired***6 -
Fuck NPM auto-pruning packages that aren't defined in the package file. MY SHIT RELIES ON YOU *NOT* DOING THIS, AND THIS JUST MAKES IT FUCKING BREAK, THANKS.5
-
I wonder if NPM prevents allowing a package to be it's own dependency. If not I have important trolling business to tend to.1
-
When you install npm to install an older version of npm to install a yeoman and install a generator that generates a generator.2
-
Error: Can't find Python executable "C:\Users\*****\AppData\Local\Programs\Python\Python36-32\python.EXE", you can set the PYTHON env variable.
hmmm what if I go to that location
Python 3.6.4 (v3.6.4:d48eceb, Dec 19 2017, 06:04:45) [MSC v.1900 32 bit (Intel)] on win32
ಠ_ಠ5 -
Lol, people who use npm currently experience issues as npm install returns 418 I'm a teapot
Source: https://github.com/npm/npm/...1 -
It looks like packages on npm have "disappeared".
https://github.com/npm/registry/...
Gotta love javascript.2 -
That's why we love NPM:
>npm install
*installing packages*
npm warn ........................
npm warn deprecated .....................
npm warn .......................
********** A million times more ***********
Oh it works! eh, just ignore every warning :)4 -
Fixing the npm permissions..
This should be covered by a giant red light and skulls.
If you don't see the warning you broke sudo
1 -
While setting up a node app while sitting behind draconian proxies:
- first, set $http_proxy & $https_proxy
- set git proxy
- then, npm proxy, jspm proxy and bower proxy
- followed by strictSSL to false.....
After moving to home network/VPN, change all of these proxies again. It is a never ending vicious circle :(1 -
So, one of npm packages event-stream (from flatmap-stream dep) has been found having a malware that steals bitcoins.
Source: https://dev.to/ben/...
My colleagues scanned their projects and found they are actually using those dependencies. I advice you to do the same, because let’s be honest, you guys don’t even know what you have inside your node_modules.4 -
All this small node modules in the npm repository that is a fork of another with a name that sounds almost like the other. It's a jungle. Then things are abandoned or changing name. How much i like coding nodejs based projects I really feel bad of the total mess with that repo. Freedom and a lot of projects are good. But the mess is like the flat of a young student that hasn't been cleaned in a year.
-
Finally found a free noun on npm... I realized though, I have no idea how to promote a package I've built anymore. The internet is too noisey... Hmmm, how do you successfully get the word out these days?3
-
I'm so fucking fed up with the npm ecosystem. Every single god damn time I've had to do anything it always takes DAYS to figure out how to get anything working and I always have to try multiple tools or libraries to final get it half way sorta.
I'm so fucking annoyed right now. They always turn out not that great, have lacking features or trivial oversights in functionality and ALWAYS have garbage documentation.
I just want to build a fucking npm library with TypeScript to be used with node. That's probably the NUMBER 1 use case so how fucking hard can that be?
So obviously I start out with tsc. That's quite simple, compiles all my stuff and shits out .js and .d.ts files. Okay so how do I use them via es6 import? I don't fucking know, because it doesn't work no matter what I do. The 'module' option in tsconfig is absolutely useless btw. It does *literally* fuck all. Nada. Absolutely nothing.
Okay I'm far from defeated, maybe I'll just have to bundle it. So I waste two days finding something that half works (I'm using fusebox right now) and at last I get a stupid es6 module as a single bundle... But what about type the declarations? They are nowhere to be seen and of course there's no option for that. Because Fusebox the pile of shit that's oh so well Typescript integrated apparently doesn't think TYPE DECLARATION FILES are needed. What the actual fuck.
And that's where I'm now. I need the fucking .d.ts files so I can use it as a module with import. Do I really need another fucking piece of shit tool that bundles these files? Honestly fuck all of this. "Oh the Javascript ecosystem is so great" YEAH fucking great, alright. Where 90% of the ESTABLISHED tools and libraries (we don't talk about the landfill of all the other shit) flat out don't do what you need. Again, how fucking hard can it be to make a npm lib with typescript? That should be NATIVELY SUPPORTED. If not by npm atleast by typescripts tsc.
FUCK NPM. FUCK JAVASCRIPT. AND FUCK THE WHOLE ECOSYSTEM4 -
npm is the WORST MISTAKE THAT HAS EVER HAPPEND TO SOFTWARE ENGINEERING. I HATE IT AND I REGRET EVER READING ITS DOCUMENTATION, SO MUCH WAISTE OF TIME ON ABSOLUTE JUNK8
-
!rant
Since I only have internet access via mobile phone on the way, the bandwidth varies from place to place.
Only one suggestion for all those who use NPM and do not have the space to clone the entire repository (almost 2 TB) or have a slow internet connection.
Modserv (https://github.com/wmhilton/modserv). Works flawlessly and saves a huge amount of data volume.
I've been using it for almost six months without a single problem. -
Confession: I've been installing npm packages globally using sudo for years just because I'm too lazy to set it up properly.5
-
Python, fuuuuck youuuu and your stupid packaging system, and python devs who are bashing on js you douchebags ever tried NPM !!26
-
When syncing node_modules via nfs to Vagrant it's an even better excuse than 'it's compiling' - it literally takes 2-3 hrs and the ssd request is pending for over a month now. Looks like nobody sees it as an issue...
1 -
We've been using private GitHub repos as a distribution method for our personal npm packages at work for years.
I finally got sick of it and did the work to publish them to artifactory yesterday. Today, I worked out the remaining kinks, fixed the CI builds, and wrote a wiki page explaining the change with step by step migration instructions and sent it around to the rest of the devs. And it's working great!
I feel simultaneously like a hero for finally getting this fixed and an idiot for putting up with it for so long.
Also thankful for my devops friend who helped a bunch.1 -
JavaScript libs have a massive problem with quality and especially with quality of documentation and error reporting
For the entire day I've been staring at this stupid error and can't figure it out. The documentation stating that the source function sets the source dir, but not actual saying what 'source dir' means or what paths are resolved against it is no help either
npm is actually really awesome but almost every library I've tried just fucking sucks
3 -
NPM and the whole dependency tree for JS packages should burn in the pits of hell.
Let's pretend that uninstalling a single (albeit larger) module didn't take 8 minutes and that it didn't spit out 20 warnings from a total of 277 (HOLY FUCK) related packages.
How can you guys (JS-only devs) handle this ?!17 -
I just woke up and on my computer screen there’s big announcement.
Github launching code package registry beta program.
Available repositories: npm, gem, mvn, docker, nuget.1 -
* package-lock.json * merge conflict
ME: fuck fuck fuck, C-s I-Search: HEAD
ME: this shit is much i can't handle it, fuck
ME: rm package-lock.json ; npm install1 -
It's almost 4 am
I want to continue developing my vuejs stuff
The files are in a folder on my desktop
I open the Terminal to navigate there
I type 'npm desktop'
Suddenly the whole terminal is filled with an error message
I suddenly realize why
Story of my life -
Dijkstra 1988: "Unfathomed misunderstanding is further revealed by the term 'software maintenance', as a result of which many people continue to believe that programs —and even programming languages themselves— are subject to wear and tear. Your car needs maintenance too, doesn't it?"
npm 2018: "Naaaah!" -
Just noticed that my Recycle Bin had about 130 MB of stuff in it. Peeked in and I soon found out why.
Turns out I didn't hit Shift + Delete when deleting node_modules from a React project...3 -
Had an idea for a Webb app tonight that I could use to test some new things out. Didn't get round to the new things but 3 hours later I do have my IDE set up, quarter of a billion npm modules and a gulp flow so complicated it feels like the file system is a rubicks cube...
-
Who already used Electron to create desktop apps ?
Is it simple ? Some people tell me it's similar to react-native is it true ?8 -
- Need a module to work with PDFs
- npm install
- But wait, that requires some dependencies
- And those dependencies require more dependencies
- Python not found
- Issues with env variables and wsl
*Bajillion hours later*
- poppler-qt5 not found
What the hecc is a poppler and why do I need it?
:/12 -
What do you do when you are hungry/peckish and it's late?
It's 🌃 time and I don't have anything to eat (except maybe some stupid cookies)
I wish I could do
'npm i snacks'
or
'sudo apt-get snacks'
And I would receive snacks from my computer or something..
npm might also give some extra snacks plus ingredients as dependencies 😅
Maybe I can make coffee..☕?2 -
Does anyone work on a bunch of local NPM modules wanna describe their workflow for local dev vs deploy?
I’ve got mine but it feels a little trashy. It’s basically one npm script to link all the local modules for dev and another which will npm install them in prod - is there a better way without adding more build tools?1 -
"npm i {name} - - save-dev"
-ERROR: "{name} needs {dependency} v5.0.1"
"Oh, okay, I install that one then, no problem"
"npm i {dependency@5.0.1} - - save-dev"
-ERROR: "{dependency@5.0.1} needs {dependency} v3.1.1}
"Oh, okay, makes sens I guess, I'll" install that one to then."
"npm i {dependency@3.1.1} - -save-dev"
ERROR:"Nah"
"Son of a.."8 -
use apt-get to install node and npm, use npm to install bower, use bower to install angular... Packageception.1
-
Opinions on npm inquirer. I can never decide, in some ways its super convenient. But sometimes debugging the weirdness pissed me off. I think it's pretty good for what it is, but something a lot better has got to be out there. What do you all think?
-
$ git clone some/shit.git dir
$ cd dir
$ npm install
[literally ages later]
$ du -sh node_modules
441M node_modules
fucking what???!3 -
Taking into account the way npm manages dependencies, how many modules do you think I had to include to download the whole npm?
-
$ sudo pacman -S npm
$ npm install -g @angular/cli
$ ng new crap
$ du -h crap
366M crap/
me like: "WHAT THE ACTUAL FUCK!!!1"
$ rm -rf crap
$ npm uninstall -g @angular/cli
$ sudo pacman -Rs npm1 -
Just published my first npm package. A Mongoose-like interface for Firebase.
https://npmjs.com/package/firearch/ -
Monday morning
Get to work
Open email
Ci went crazy
Slack is on fire
Some npm modules deprecated approach
Rewrite docker files
Some other npm modules disappeared.
I hate you web technologies, I hate you developers who make releases Friday night.
I hate everything.
Ffs on the weekend just build Ikea fornitures instead of fiddling with my stack!
Sigh.2 -
thought about giving React Native a try (I'm new to nodejs too).
*Downloaded node-v8.11-blah-blah.tar.xz (the LTS version)
*Installed it
*installed the react-native stuff with npm
*created a small app
*npm start
wild warning appears saying I'm using npm 5.6.0 and it has bugs and to use the latest one.
*downloaded more recent node-v9.11-blah-blah.tar.xz
*installed it
*tried again (npm start)
same wild warning again
so, it wants me to use the nightly versions ?
wtf ?3 -
npm XXXXXX -f
seems to be the only way to make it work... sadly :( Even though I have no idea what I am doing.4 -
If only NPM' security team (so pretty much NSP's) would inform the package owners as soon as they discover vulnerabilities and give them the standard 30-90 days to fix them and release a new version before going public, instead of straight out publishing the security audits which generates noise on the terminal (obviously when using npm) and on Github
-
npm fund, shamelessly plugging one single person's funding ad into the whole fucking community platform.
No, thanks. -
The moment everything works fine and you just type `npm update` out of boredom and suddenly everything breaks and you spend the rest of the day fixing it...1
-
Trying to update yarn from choco.
It didn't detect npm-lts
Got BS by install npm 9.8.0
Nothing is working right now 🤦♂️
I wanna go to gym. But it's 1clock past midnight right now.
God damn it1 -
NPM modules are supposed to make us save our time, but very often, after hours and hours of juggling I end up write by myself those fucking functions.
And I'm not talking about unknown packages made by a bored guy in a lazy Sunday, I'm talking about fucking well known modules like passport. OH MY GOD. How much sucky is the passportJS documentation? There are fucking hundreds of options and they are not referenced anywhere if not on StackOverflow. When you login in a website thousands of things can go wrong, why the hell do you always send that shitty 401 and you don't let me control the code? They are two fucking days I'm trying to fix it and I realized I could write that function in 2 minutes if I just didn't use passport. FUCK7 -
How do I know if there's a module for the problem I'm trying to solve? How do I know if there's a better module that solves the problem in a better way than the module I'm using? After I found the module, how can I use it if npmjs website contains just a skinny example and no explanation? Should I attend an advanced course for each module in repository?
-
Yarn install. It’s simple enough and I understand why it’s used but it’s just annoying having to install 150MB of stuff to be able to produce a 200KB output is file. There must be a better way?1
-
Finally published a demo packaged on npm to learn how it works.
Like it - "Npm loves you" 😜
I'll publish my own package in 2-3 days.
Tip : it seems you can't delete a npm package, you can only unpublish it. -
Looking into the source code of safe-eval. So, despite of it's name, safe-eval doesn't use eval at all.
vm.runInNewContext
And it's gonna be funny to see some people start to think, "oh it's not eval, it's not evil then" :D :D17 -
That moment when gulp run is as long as one epoch when training my neural network. How did we arrive here?
-
SSL issues when behind a proxy.. i think.
Troubleshooting and solving issues are difficult when you just follow a guide about something you need :i -
We have huuuge fuckups today with our Frontend regarding deprecated npm modules.
All of my Frontend colleagues are whining because the Jenkins build is failing.
I looked into it, there were missing dependencys that could not be found anymore.
Frontendcolleagues don’t want to do anything because it’s a „Devop problem“.
Fuck my fucking life.1 -
One of the devs stayed an entire week trying to do ‘npm install’ on one of the projects. Took a look xcode is not installed
-
I waiting for the day when I have a problem and there is no npm package that solve it already.
NoSleepjs....5 -
Guys, please be mindful of your dependencies. I just ran "npm install" and whole hell broke loose.
Imagine having to install 3.6GB of VS2017 C++ junk, just to make the damn node-sass compile.
Obviously the module needs to build on my machine, but one would expect that a nodejs module would not depend on msbuild. Funny how nature does that... -
npm you dank pile of shit!
After updating npm I get "Maximum call stack size exceeded" when I use npm install --no-bin-links as usual.
After searching a solution for this shit it seams like the npm devs fucked around with the --no-bin-links option, since this nasty error message vanishes if one downgrade npm.
These goddamn assholes.
Keep your filthy fingers off this option, since it is essentially for windows devs!11 -
Finally I understand the frustrations that is packages and dependencies in npm...
I have never really used node.js, only on windows to help develop a chrome plugin, but trying to do the same thing on Linux, omfg, how is it this bad?
On Windows I just ran the alias "npm start" and is figured out that it needed to install a bunch of stuff, did it and continued compiling.
On Linux I just got one missing dependencie after another... How is it that different?9 -
What the actual fuck, I installed lodash using "npm install --save lodash" and npm just decided to delete webpack and fuck up the webpack.dev.config.js and actually my whole project... I want to cry
Why the fuck is this fucking thing called npm falling apart at every opportunity it gets 😠1 -
Do anyone of you use a npm registry server like verdaccio for caching of packages from npmjs.org?
Today I tried verdaccio within a local docker container.
I successfully connected via npm --registry <registry-url> install
There where no errors, but verdaccio kept delivering packages with 200.
Shouldn't it be 304 since the packages already exist in the storage folder of verdacio?
14 -
For some reason installing python 3.6 broke my NPM commands so i couldnt install any modules globally. The only solution I thought of was reinstalling windows, so the full day of work has been reinstalling everything
Fun times4 -
Tried building my first npm module, which is just a wrapper for voice API that supports Angular 4+ Applications. Please check and share your feedback which helps me to improve it.
https://npmjs.com/package/... -
Can you imagine npm would manage autonomous robots?
and also some horrible mistake would need fix, otherwise somebody would be harmed.
for that you push the update, you did npm outdated 3 days ago, everything looked fine.
Npm outdated today would want you to update by 10 versions. I don't know if I'm alone, but seems weird to me that 10 versions jump has happened ... :D we know npm..
and even weirder is the output of npm outdated compared to what package.json diff: express-status-monitor current version1.1.0 latest 1.1.2
-
Say what you want about npm and node_modules, it is much better than other package management systems like pip.
Least I don't need to create an entirely new installation of nodejs every time I want to build something new that might depend on some packages that depends on an 0.0.1 version lower of another package that is used by a different project I currently have to also maintain.
P.s. I do love python overall and it's ecosystem, the package management and version control are sheer garbage.2 -
Last week, I start creating a small npm package
And I literally don't know how to create it.
Please check it for the issues and let me know
https://npmjs.com/package/...4 -
If anyone complains one more time about "windows is built upon a DLL-Hell", i will challenge this specific anyone to implement react into an existing PHP-Project.
Installing matching package versions via npm is the real struggle.
Especially if you decide to be a node psycho who's delivering his react code via webpack.
*projectile vomiting in a straight beam of acid vomit*
Wasted a complete day of my life, dealing with Facebook's naughty shit.... -
Has anyone else noticed that Inc.com article titles are extremely clickbaity? Seriously though!
Given that, I've built Wormbait for node, it "learns" from 1040 Inc.com titles and predicts if a title is clickbait or not. `npm install -g wormbait` and launch with 'wormbait "is this clickbait"'1 -
After dealing with npm libs access permissions for an hour, glorious chmod -R 777 came to the rescue.3
-
Maintained some old Dockerfile. Confused how `npm install` could possibly work as the working dir of that command was a *subfolder* with *no* `package.json`. Yet it verifyably installed into the correct package on build to the parent folder with the `package.json`. I assumed a grunt or npm script taking care of it, yet found nothing. Digging deeper, I realized: [this is by design](https://github.com/npm/npm/...).
-
Why TypeScript and Angular2 encourages you to link scripts directly from node_modules folder? What happens when you move the project to server(you know...the place that doesn't know about that folder). And how's the bundling gonna work?
5 -
Whoelse is or has struggled with the absurd problems of installing web3, the damned stuff is not installing!4
-
The amount of time I spend fixing npm dependency issues is really tilting... How does the JS community consider this solving a problem! This reminds me of Java's package issues if anything...1
-
My first writeup on medium.
hope it helps you to build npm ready angular library components
“How to built npm ready component library with Angular” https://medium.com/@mohanramphp/...
Please give claps for visibility1 -
WTF
npm ERR! publish Failed PUT 403
npm ERR! code E403
npm ERR! You cannot publish over the previously published versions: 1.1.69. : weschemajs
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/lopu/.npm/_logs/2018-09-29T11_20_28_594Z-debug.log
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! wepublish@0.0.211 run: `./src/index.sh`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the wepublish@0.0.211 run script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/lopu/.npm/_logs/2018-09-29T11_20_28_638Z-debug.log
lopu@lopu-pro:~/Dropbox/git/weyoume/wepublish/dev-wepublish$ npm view weschemajs version
1.1.63
lopu@lopu-pro:~/Dropbox/git/weyoume/wepublish/dev-wepublish$ npm view weschemajs version
1.1.636 -
So I have replaced npm with yarn due to performance boost and the lockfile.
Never will there be problems with unexpected versions of dependencies!
Wait.
Why is my build writing a yarn.lock?
It turns out, if you want yarn to exit with an error code if it's out of sync with the package.json, you have to run it with:
$ yarn install --frozen-lockfile
Only then it will produce an error.
The default for it is to notice, oh, there is some new dependencies, let resolve this to the most current version I can fetch, and use that one, and write a new lockfile. Meaning you will get unknown futures of a depdency. O_o
That's totally going besides the purpose of having a lockfile in the first place. Why would anyone want this?
Action I do expect to touch the lockfile:
add / remove / upgrade
Action I do NOT expect to touch the lockfile:
install
Install should just install whatever is in there, and if it realizes it is out of sync, die with an error.
But that would make sense!
Who needs sensible defaults anyway!?3 -
Ugh! I'm trying to build a gulp-based workflow for WordPress theme development and it just isn't working (or flowing).
I'm debating whether to clear my gulpfile.js altogether and start again or attempt to build an npm-based workflow along these lines: https://keithcirkel.co.uk/how-to-us...3 -
time to head into javascript code testing, as i'm annoyed af of testing everything by hand whether my feature works and find the cause to some problems i have encountered
.... but first let me "npm init -y" and "npm i jest" (as the tutorial suggests) real quick in my git project ... whoops😯😐😶🤨 ... woah, ok ... 5000 added files, shit, dependencies 🙄... delete all ... git error😐😥
delete folder manually😪😅
resuming paused tutorial: "and if you've got a git repository, just install jest globally, do not do this in your repo!"
.... just happened to me😑😅2 -
Thought the package-lock.json file wasn't working. Turns out it wasn't being copied into the Dockerfile.
:/2 -
Every time I update node or an npm dependency and everything seems to break for a couple of hours until I pull it apart and slowly reassemble everything again.
-
After fiddling for two days with webpack and React, I gave up trying to figure out what the best way is to package my React component library for npm, so I had to take it to SO. All articles I could find used a cheap way to deal with it, using outdated(?) plugins for webpack and/or were outdated themselves. If anyone knows how to do this, please tell me over at SO: https://stackoverflow.com/q/...
-
I just helped my friend setting up Laravel on her machine. The npm is giving me headache because of the fucking permission issue. WHY THE FUCK chmod DOESN'T WORK ON WINDOWS IF POWERSHELL RECOGNIZE THE COMMAND?? Then composer says that it cannot find the autoload.php. I thought it was another permission issue end up it's because composer fuck up installing on Windows. Wasted 2 hours for this shit.
Oh and the default language she uses is French. The keyboard layout is entirely different. French is totally awesome but the typos in command is getting really annoying. :(
I'm not saying Windows is bad for general use but I think it's a bad idea for developing non-Microsoft product on Windows. I don't understand how can one bear with so much shit on Windows. Most dev tools tutorials are written in Unix system so fucking get a Mac or Linux at least!3 -
So I just published my first real npm package. It's a tool to help remember commands and aliases for future usage! It's basically to fill in the gap between keeping a list of commands you like, and editing your bashrc to include them. Check it out and tell me what you think!
https://www.npmjs.com/package/notal7 -
So it's been a burden I carried for long.
With the way I set npm up, I unconsciously did the installing process with sudo, and thus can't use npm properly without a sudo.
Is there a rather not convoluted way to set it back up so I don't have to use sudo again for that?11 -
About to write (and publish) my first npm package with TypeScript. It's basically just for json stream writing because the existing packages suck and/or don't do what I need
Guess my actual project I need this for will have to take a bit longer now -
!rant
Quite an insight
"Is npm worth $2.6M?"
http://words.steveklabnik.com/is-np...
On a read sprint and I am sharing whatever I find interesting. -
I need a package repository and I find jfrog artifactory. Seems great, except the OSS version is utterly useless. The pro version is overpriced, and does not support s3 buckets and the Enterprise version is >25k/year, just to store a half dozen npm and PHP packages on s3 storage? Are you fucking kidding me???
How can companies justify this much money for a package manager?4 -
I wish i had know about pnpm earlier. Would have prevented the gazillion of node module folders spread across my projects
-
People! Do you know if there is something similar to gulp and modules like minify, uglify, smooth, etc (for HTML, CSS and JS) that runs in Python instead of nodejs? I can't install nodejs/npm in my job because "open source software is dangerous" :)10
-
So, anyone know of a way to use an npm package as a compilation of other packages? Could I write a personal package that when installed lets the user run code from a bunch of my favorite packages? For easy system installs?4
-
I’m harvesting credit card numbers and passwords from your site. Here’s how.
The state of npm is just 😢
https://hackernoon.com/im-harvestin...1
Top Tags
Weekly Rant
View