The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


How many dependencies does your development ecosystem have?

Posted by jpluimers on 2021/02/03

About 5 years after the disaster around npm and left-pad, I wonder

  1. how many dependencies on packages or libraries your software has,
  2. how many of them have a good or excellent test suite,
  3. for how many of them you are in full control of the exact version used and the location it is used from.
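As an added example (not from the original post or from npm itself), the script below tallies questions 1 and 3 for a Node.js project from a lockfile in the v2/v3 `packages` layout. The sample lockfile, the `auditLock` name, the trusted-host list and the `internal-lib` and `tiny-helper` packages are constructed for illustration.

```javascript
// Constructed sample in the npm lockfile v2/v3 shape (the "packages" map); not a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "left-pad": "^1.3.0", "isarray": "2.0.5", "internal-lib": "*" } },
    "node_modules/left-pad": { version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz", integrity: "sha512-CONSTRUCTED" },
    "node_modules/isarray": { version: "2.0.5",
      resolved: "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", integrity: "sha512-CONSTRUCTED" },
    "node_modules/internal-lib": { version: "0.1.0",   // hypothetical package, no integrity hash
      resolved: "git+ssh://git@git.example.invalid/team/internal-lib.git#CONSTRUCTED" },
    "node_modules/tiny-helper": { version: "0.0.1",    // hypothetical transitive dependency
      resolved: "https://registry.npmjs.org/tiny-helper/-/tiny-helper-0.0.1.tgz", integrity: "sha512-CONSTRUCTED" },
  },
};

// Hosts you have decided to trust as package locations (assumption: replace with your own mirror).
const TRUSTED_HOSTS = new Set(["registry.npmjs.org"]);

function auditLock(lock, trustedHosts = TRUSTED_HOSTS) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const declared = { ...root.dependencies, ...root.devDependencies };
  const report = { total: 0, direct: Object.keys(declared).length,
                   unpinned: [], noIntegrity: [], untrustedLocation: [] };
  // Question 3, version: is the declared version exact, or a range that can float on the next install?
  for (const [name, range] of Object.entries(declared)) {
    if (!/^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(range)) report.unpinned.push(name);
  }
  for (const [path, entry] of Object.entries(packages)) {
    if (path === "" || entry.link) continue;           // skip the root and workspace symlinks
    report.total += 1;                                 // question 1: direct plus transitive
    const name = path.split("node_modules/").pop();
    // Without an integrity hash the installer cannot verify the downloaded content.
    if (!entry.integrity) report.noIntegrity.push(name);
    // Question 3, location: where does the package actually come from?
    let host = null;
    try { host = new URL(entry.resolved).hostname; } catch { /* missing or non-URL location */ }
    if (!host || !trustedHosts.has(host) || !entry.resolved.startsWith("https://")) {
      report.untrustedLocation.push(name);
    }
  }
  return report;
}

console.log(auditLock(sampleLock));
```

Question 2, the quality of each dependency's test suite, cannot be read from a lockfile and still needs a manual look at each package.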

The disaster was well phrased in [WayBack] NPM & left-pad: Have We Forgotten How To Program? – David Haney – Blogging my experiences as a developer and engineering manager, which covers these topics:

  • Functions are not packages
  • Third party problems
  • Strive for few dependencies

and these quotes:

  • React, Babel, and a bunch of other high-profile packages on NPM broke. The reason they broke is rather astounding: A simple NPM package called left-pad that was a dependency of their code.
  • some of the things that I observed:
    • There’s a package called isArray that has 880,000 downloads a day, and 18 million downloads in February of 2016. It has 72 dependent NPM packages. Here’s its entire 1 line of code: return toString.call(arr) == '[object Array]';
    • There’s a package called is-positive-integer (GitHub) that is 4 lines long and as of yesterday required 3 dependencies to use. The author has since refactored it to require 0 dependencies, but I have to wonder why it wasn’t that way in the first place.
    • A fresh install of the Babel package includes 41,000 files
    • blank jspm/npm-based app template now starts with 28,000+ files
  • frameworks create a “core” library of basic functionality. Such a library is vetted by the creators of the language and pretty much guaranteed to be correct and bug-free.
  • if you cannot write a left-pad, is-positive-integer, or isArray function in 5 minutes flat (including the time you spend Googling), then you don’t actually know how to code. Any of these would make a great code screening interview question to determine whether or not a candidate can code.
  • Take on a dependency for any complex functionality that would take a lot of time, money, and/or debugging to write yourself. Things like a database access layer (ORM) or caching client should be dependencies because they’re complicated and the risk of the dependency is well worth the savings and efficiency.
  • ask the React team how well their week has been going, and whether they wish they had written those 11 lines for left-padding a string themselves.

Via: [WayBack] “There’s a package called isArray that has 880,000 downloads a day, and 18 million downloads in February of 2016. It has 72 dependent NPM packages. Here… – Elke Stangl (elkement) – Google+

–jeroen
