Okay developers, time to have a serious talk. As you are probably already aware, this week React, Babel, and a bunch of other high-profile packages on NPM broke. The reason they broke is rather astounding.
A simple NPM package called left-pad that was a dependency of React, Babel, and other packages. One that, at the time of writing this, has 11 stars on GitHub. The entire package is 11 simple lines that implement a basic left-pad string function. In case those links ever die, here is the entire code of left-pad:
|
1
2
3
4
5
6
7
8
9
10
11
|
module.exports = leftpad;function leftpad (str, len, ch) { str = String(str); var i = -1; if (!ch && ch !== 0) ch = ' '; len = len - str.length; while (++i < len) { str = ch + str; } return str;} |
What concerns me here is that so many packages took on a dependency for a simple left padding string function, rather than taking 2 minutes to write such a basic function themselves.
As a result of learning about the left-pad disaster, I started investigating the NPM ecosystem. Here are some things that I observed:
- There’s a package called isArray that has 880,000 downloads a day, and 18 million downloads in February of 2016. It has 72 dependent NPM packages. Here’s it’s entire 1 line of code:
1
returntoString.call(arr) =='[object Array]'; - There’s a package called is-positive-integer (GitHub) that is 4 lines long and as of yesterday required 3 dependencies to use. The author has since refactored it to require 0 dependencies, but I have to wonder why it wasn’t that way in the first place.
- A fresh install of the Babel package includes 41,000 files
- A blank jspm/npm-based app template now starts with 28,000+ files
All of this leads me to wonder…
Have We Forgotten How To Program?
Source: NPM & left-pad: Have We Forgotten How To Program? | Haney Codes .NET