by Ice Cream Jonsey 03/23/2016, 7:59am PDT
Programmers were left staring at broken builds and failed installations on Tuesday after someone toppled the Jenga tower of JavaScript. A couple of hours ago, Azer Koculu unpublished more than 250 of his modules from NPM, which is a popular package manager used by JavaScript projects to install dependencies.
Koculu yanked his source code because, we're told, one of the modules was called Kik and that apparently attracted the attention of lawyers representing the instant-messaging app of the same name. According to Koculu, Kik's briefs told him to take down the module, he refused, so the lawyers went to NPM's admins claiming brand infringement. When NPM took Kik away from the developer, he was furious and unpublished all of his NPM-managed modules. 'This situation made me realize that NPM is someone's private land where corporate is more powerful than the people, and I do open source because Power To The People,' Koculu blogged.
Unfortunately, one of those dependencies was left-pad. It pads out the lefthand-side of strings with zeroes or spaces. And thousands of projects including Node and Babel relied on it. With left-pad removed from NPM, these applications and widely used bits of open-source infrastructure were unable to obtain the dependency, and thus fell over.
Not judging. I just want a place for us to talk about programming again. I like the discussions in that one forum below the line where Stew laid out some good backend languages.
Anyway, here is the article: http://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/
My initial continuous integration solution had me building a couple of our JavaScript products from source every time I deployed them. Which is cool for me to know that it builds, but it does reveal that, ah, the way some of these JS things get built seems a bit fragile to me.
ICJ
How One Dev Broke Node, and Thousands of Projects In 11 Lines of JavaScript by Ice Cream Jonsey 03/23/2016, 7:59am PDT 
Anything that pulls in external dependencies will break eventually by Entropy Stew 03/23/2016, 1:04pm PDT 
Email thread from guy at Kik by Entropy Stew 03/23/2016, 2:37pm PDT 
Re: Email thread from guy at Kik by Ice Cream Jonsey 03/23/2016, 2:47pm PDT 
The other problem is that NPM is a company and just did this by fiat by Entropy Stew 03/23/2016, 3:43pm PDT 
I'm mostly angered by the scumbag company getting out of not paying money for it by Kenny Mayne 03/23/2016, 4:46pm PDT 
They did pay for it when they bought the trademark NT by Entropy Stew 03/23/2016, 8:49pm PDT 
Oooo I bought a trademark at the trademark store, bro lookit me by The Brogrammer 03/23/2016, 9:57pm PDT 
Re: Oooo I bought a trademark at the trademark store, bro lookit me by Entropy Stew 03/23/2016, 11:03pm PDT 
Ahhh! Lookit this guy! Beer me, Caltrops!! by The Brogrammer 03/24/2016, 6:54am PDT 
You seem really familiar to me. Trying to figure out why by Welcome to Omsk 03/24/2016, 10:30am PDT 
You don't put me in a box. I put me in a box. By box I hope you know I mean by The Brogrammer 03/24/2016, 11:39am PDT 