How do we solve this issue?
Falling into your wing while paragliding is called 'gift wrapping' and turns you into a dirt torpedo pic.twitter.com/oQFKsVISkI
— Mental Videos (@MentalVids) March 15, 2023
It's not an issue. Those projects are easily replaced if the need ever truly came. While it's funny to think of how much the modern infrastructure relies on such a little one-man project, the reality is it does so because that part of the system really isn't that complicated and it's fine as-is.
>Those projects are easily replaced if the need ever truly came
HAHAHAHAHAHAHA
>Hurr, the only one capable of making that shitty service is a single rando in Nebraska
>core-js, the picture
Kill that Nebraskan homosexual.
It's not an issue...? Why do you fucking UPDOOTERS need constant changes every fucking week to basic software that has been perfected for over a decade?
OP's problem specifically occurs when a major security vulnerability is found and you need to update to stay secure. You would understand this if you've ever had a job in your life in IT. See: log4j, heartbleed, etc.
>muh logging software! It's irreplaceable! There's literally no other logging library that can log
>muh theoretical attacks! They could bring down the entire company if the stars aligned and there actually was a valid attack vector
You're really just grasping for straws at this point. Got any real examples?
I accept your concession that you're a NEET with no clue how the real world works.
Hahaha, if only you knew who you were talking to. I'm 32 and work in faang & make well over 300k, although I don't expect you to believe me. I've gone through this before with others on LULZ many times and even posted my W2 but alas there is no convincing a stubborn fuck
300k at 32 isn't exactly impressive if you are working at faang. Come on.
Gee anon, how much money do I have to make to impress you?
As someone who works for a 7 man company that writes a commercial library used by four of the top five medical billing packages in current use, I'd really rather we didn't.
so you're saying you wish for your company library to be replaced by a foss one made by an enthusiast?
That's basically the opposite of what I said, but also...
>foss enthusiasts
>being organized and competent enough to write an insurance primary/secondary billing handler with built-in support for over 700 payors
This isn't an issue that should be fixed, it's evidence the system is working as designed.
Free Software does not mean free support; patches and forks welcome after all. If the person maintaining something leaves, and that something was used by someone else which some leeching corp used to make some "enterprise" shovelware which then got packaged into some webapp for a non-technology company, fuck everyone who didn't actually write the component.
"Modern" software is far too dependent on libraries and frameworks, with not nearly enough code written from scratch for the intended user. If something isn't worth writing in-house then all the companies using that software should be paying for ongoing maintenance for perpetuity instead.
Name 1 tiny project that the entire industry is reliant on nigga
tzdata / Olson database
https://www.theregister.com/2016/03/23/npm_left_pad_chaos/
> NPM has forcibly resurrected that particular version to keep everyone's stuff building and running as expected
Ohhh wow the carnage. People had to spend 5 minutes to rehost the dependency. Did the economy crash? Or did devs just have a minor inconvenience? This is exactly what I'm talking about you fuckheads. A literal nothing burger happened and you guys are pissing your goddamn panties about how 1 rogue dependency can bring down the literal Internet when in reality there are workarounds that take mere minutes to achieve. Like, gee I dunno... Copying that artifact to your repo and updating your dependency manifest to point to it?
This one goes for you too, dipshit
There is no logic involved, it's just basement dwellers seething about languages that actually take an approach to dependency management instead of relying on the user or OS like C and C++ do.
Java does it better. For one thing, most enterprises don't hit maven central, they hit a mirror, and those mirrors will have their own configuration for removing dead versions.
For another, it's trivial to stick any jar in .m2 and, unless force calling with -U, use that, regardless of what the upstream has done. I can build my Java programs without an Internet or company LAN connection in most cases, once the initial set up is done.
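The mirror-and-local-copy setup described in the post above, applied to the npm side of the thread as an added example (not code from any poster or project): an audit of a lockfile that flags dependencies resolved outside an allowed mirror or recorded without an integrity hash. The lockfile contents, the mirror host `npm.mirror.example.internal` and the function name `auditLock` are assumptions made up for illustration.

```javascript
// Constructed lockfile (npm lockfileVersion 3 shape). Hosts, versions and
// integrity strings are placeholders, not real registry data.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-pad": {
      version: "0.0.0-sample",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-0.0.0-sample.tgz",
      integrity: "sha512-PLACEHOLDER"
    },
    "node_modules/is-odd": {
      version: "0.0.0-sample",
      resolved: "https://npm.mirror.example.internal/is-odd/-/is-odd-0.0.0-sample.tgz",
      integrity: "sha512-PLACEHOLDER"
    },
    "node_modules/vendored-pad": {
      version: "0.0.0-sample",
      resolved: "file:vendor/vendored-pad-0.0.0-sample.tgz",
      integrity: "sha512-PLACEHOLDER"
    },
    "node_modules/git-dep": {
      version: "0.0.0-sample",
      resolved: "git+ssh://git@git.example.invalid/team/git-dep.git#PLACEHOLDER"
    }
  }
};

// Flag dependencies exposed to upstream removal or tampering: fetched from
// outside the allowed mirror, from a non-https source, or without a hash.
function auditLock(lock, allowedHosts) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || meta.link) continue; // root project, symlinked workspaces
    const name = path.replace(/^.*node_modules\//, "");
    const resolved = meta.resolved || "";
    if (!meta.integrity) findings.push({ name, issue: "no integrity hash" });
    if (resolved.startsWith("file:")) continue; // tarball vendored in the repo
    let url;
    try { url = new URL(resolved); } catch {
      findings.push({ name, issue: "unparseable source" });
      continue;
    }
    if (url.protocol !== "https:") findings.push({ name, issue: `non-https source ${url.protocol}` });
    else if (!allowedHosts.includes(url.hostname)) findings.push({ name, issue: `outside mirror: ${url.hostname}` });
  }
  return findings;
}

console.log(auditLock(SAMPLE_LOCK, ["npm.mirror.example.internal"]));
```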
That was the best case scenario for disaster recovery. If npm wasn't legally capable of recovering the package, they'd be forced to gain a replacement and back fill all other packages. Or take faker for example with the intentional malware.
You're the same dip shit that would have said "the housing market hasn't caused a serious economic crash before so it won't now" in 2007. Just because we haven't had a catastrophic event doesn't mean it can't feasibly happen.
>That was the best case scenario for disaster recovery. If npm wasn't legally capable of recovering the package, they'd be forced to gain a replacement and back fill all other packages. Or take faker for example with the intentional malware.
Orrrr... Consider this: the artifacts are cached in thousands of different computers already and one of them just has to upload it somewhere? You don't actually think it's downloaded each and every time the project is built, do you?
isOdd, apparently.
>is-odd
Things that never happened for 1000, Alex
>he doesn't know
https://github.com/left-pad/left-pad/issues/4
Not the brightest bulb are you?
https://www.theregister.com/2016/03/23/npm_left_pad_chaos/
Make it illegal for independent developers to release software in the wild without offering proper paid support.
Make it illegal for (You) to use any library without paying for support. That's actually enforceable.
kinda looks like a cupola furnace of sorts, so I guess you just fill it up with iron and start casting
>be framework dev
>write left pad function in 2 minutes
>commit push release hotfix
>everything is fine
Realize that "reinventing the wheel" is an inherently anti-intellectual and anti-productive catch-phrase that only serves to perpetuate these disastrous dependencies. It's conditioning people to wrongly assume they should never try to learn about something if it's already made, and only use what's already there instead of making things themselves. So we're building on countless layers of unknown abstractions and forgetting how basic things work.
And I'd also argue, there really aren't many true "wheels" in software, only hastily shaven down oblongs.
Write your own network protocol to connect to LULZ. Along with your own compiler for html and JavaScript. Don't use anything anyone else has built if you don't fully understand every detail.
are you being genuine or making a facetious strawman?
I want you to curb your hyperbolic statement. Otherwise I would expect you to rely only on code you've written. You can even take it further to the material world and start pressing your own silicon.
>he doesn't make his apple pie from scratch
ngmi
This looks like Google. A company that so swallowed the diversity pill there are less than 10 people that know how it all comes together.
The whole pill type thing you talk about is interesting
They see a productive enterprise and think it is the enterprise that is productive not the component individuals
They say, hey, it is no fair that the components get the benefits of the success of the enterprise, then, they say, we must replace the components with components that did not sustain the enterprise before, and are generally untested
Voila america falls the fuck apart lmao
the thing with this is that it's less about the npm ecosystem and more about how broken JS is as a language and how fucking inept the ECMAScript committee is at adding in features that are standard in many other languages. it's a symptom of the problem, not the cause.
Other libraries (less reliant on basic faults of the language) also caused similar issues though less severe. IIRC, there were similar issues with JSON parsers (JSON.net and Newtonsoft) and .NET.
Why isn't there an actual graph of this? Should be pretty easy to build using d3
Stop using Open-soros basedftware. Easy as pie.
the internet wouldn't exist in the form we know it today if it wasn't for the idea of open source software. it would have been monetized from the start since you have to pay for software licenses on top of bandwidth/storage/etc.
though i don't expect /misc/troon tourists like you to know anything about that or the history of the internet
>the internet wouldn't exist in the form we know it today if it wasn't for the idea of open source software
Good.
>it would have been monetized from the start since you have to pay for software licenses
They'd just charge more for your data.
Internet is already monetized, you have to pay for broadband. I doubt open source software is that expensive to maintain.
Also, the internet was created to survive a nuclear attack, one that would come from the very same communists you seem to idolize.
i didn't realize russians were communist? the contrarianism in this thread is off the charts
Lenin's corpse is still on display.
imagine thinking of fucking modes of production as teams in a zero sum sports game. go to bed, grandpa. the cold war is over
Open source doesn't work, will collapse like anything communist.
By hiring people to reimplement/manage their own equivalents. Unsurprisingly, nobody wants to go through the expense.
lmao no way this is real
>picrel
>isArray()
>72 dependencies
Total webdev death. Kill webdevs. Behead webdevs. Roundhouse kick webdevs into the concrete. Crucify webdevs. Launch webdevs into the sun.
>72 dependencies
I think they meant there were 72 packages that depended on it, not that it depended on 72 packages.
>toString.call(arr)
what is this fuckery? why not just do
>arr.toString()
Because arr may be null, duh.
I don't really know but every data type has a toString() method which is different from Object.toString
The most horrifying thing about this is that Array.isArray exists.
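The three checks argued over in the posts above, run side by side as an added example (not code from the thread or from the package in the picture). It shows where `Object.prototype.toString.call(v)`, `v.toString()` and `Array.isArray(v)` disagree, including on inputs crafted to fool a type check; all sample values are constructed.

```javascript
// The tag-based check from the thread, the method call proposed instead,
// and the built-in. viaMethod reports the error name instead of throwing.
const viaTag = (v) => Object.prototype.toString.call(v) === "[object Array]";
const viaBuiltin = (v) => Array.isArray(v);
const viaMethod = (v) => {
  try { return v.toString(); } catch (e) { return e.constructor.name; }
};

function compareChecks() {
  // Constructed inputs, each chosen to separate two of the three checks.
  const retagged = [1, 2];
  retagged[Symbol.toStringTag] = "NotAnArray";   // real array, relabelled
  const samples = {
    plainArray: [1, 2],
    nullValue: null,                                // v.toString() throws here
    spoofedTag: { [Symbol.toStringTag]: "Array" }, // plain object posing as array
    retaggedArray: retagged,
    fakeToString: { toString() { return "1,2"; } }, // caller-controlled method
    proxiedArray: new Proxy([1, 2], {}),
  };
  const rows = {};
  for (const [name, v] of Object.entries(samples)) {
    rows[name] = { tag: viaTag(v), builtin: viaBuiltin(v), method: viaMethod(v) };
  }
  return rows;
}

console.table(compareChecks());
```

Only `Array.isArray` is unaffected by `Symbol.toStringTag`, so a tag comparison used as input validation can be fooled in both directions.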
Kill the nebraskan homosexual