[Not actually OT] Trouble in node.js land
Steven D'Aprano
steve+comp.lang.python at pearwood.info
Wed Mar 23 05:03:31 EDT 2016
This is not actually off-topic, as it has relevance to open source projects
like Python: the importance of getting package management right, and not
basing your development ecosystem on cowboys who might pull the rug out from
under your feet at any time.

Ironically, this also showcases what happens when you use a language with no
batteries included, namely JavaScript.

One developer just broke most of the Node.js ecosystem by removing an eleven
line package from npm (the Node.js package manager, somewhat similar to
Python's pip only even more critical):

http://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/

This critical package is "left-pad". What does it do? It pads strings with
spaces from the left. It's not just spaces though, it can pad with any
character you like! Zeroes, commas, even hash signs! We truly live in an age
of miracles.

The removal of this package (along with about 250 others by the same author,
but only left-pad appears to have been noticed) crippled Node.js development
as suddenly thousands of deployed apps could no longer download their
dependencies.

The author removed his package in a fit of pique because he wasn't allowed
to continue using a trademarked name. Rather than suck it up like a grown-up
and change the package name, he removed his entire collection of packages
from npm and (temporarily) broke the entire Node.js ecosystem.

https://medium.com/@azerbike/i-ve-just-liberated-my-modules-9045c06be67c

Of course, moving his allegedly infringing package "kik" to GitHub isn't
going to fix the problem. It's still allegedly infringing.

More discussion here:

https://github.com/azer/left-pad/issues/4
https://news.ycombinator.com/item?id=11340510
https://www.reddit.com/r/programming/comments/4bjss2/an_11_line_npm_package_called_leftpad_with_only/

A colleague passed on this quote from an acquaintance of his:

"i asked an npm dev at a talk once if they were going to make a stable
version and they said javascript is not like operating systems and doesn't
need stable versions"

There's a lesson here for Python package management too. As pip becomes ever
more popular and functional, there are certain people who believe that the
whole "batteries included" philosophy of Python is outdated and unnecessary.
Why have a standard library when you can just download the most recent
version from PyPI using pip? The Node.js experience shows how this can go
badly wrong.

For those curious, here's left-pad in all its glory:
module.exports = leftpad;
function leftpad (str, len, ch) {
  str = String(str);
  var i = -1;
  if (!ch && ch !== 0) ch = ' ';
  len = len - str.length;
  while (++i < len) {
    str = ch + str;
  }
  return str;
}

I leave a Python translation for the experts :-)
--
Steve