This whole debacle mirrors Gamergate
I didn't have a bloody clue what was going on then, either.
"Yeah, let's just load in joescode.js from scrits-r-uz.net each time our page is loaded and hope it hasn't been broken/deleted/corrupted". What a brilliant development model!
Well not really much. Developers will get the dependencies as they work (using bower or whatever the JS dep manager tool of the week is), and then build a single JS file at deployment time (using webblywobblify or the JS build tool of the week), and that goes up to the server for production. I doubt anyone has ever done <script src="http://randomsite.com/pad-left.js">
I'd only ever load something from a non-local site if it was something I regard as stable, popular, and coming from a robust CDN.
For client side JS, competent devs compile it into a bundle anyway and load it server side. Everyone wants you to use their CDN for some reason though.
The node package manager (npm), though, is abominable and incredibly easy to break.
I also think it's bullshit that the npm maintainer re-published his packages - if they give him the ability to unpublish his work, they are giving him the agency to do so at his choice. Someone could publish a new left-pad that does much of what his script does instead. Then he could sue them for trademark infringement and create a constitutional crisis.
Yes. This is readily apparent when you run something like NoScript. Oh, look, scripts from a dozen domains are blocked on this page. Let's temporarily allow some to try to get this thing working. Great, those have remote dependencies on scripts from another dozen domains...
ECMAScript is the C of the decade. In certain domains it's perfectly suitable, but it's widely used by people who ignore its pitfalls for purposes it is not well-suited for. It's possible to write good ECMAScript code, even for non-trivial projects, but it requires discipline - something few developers seem to care about.
Define "good" ECMAScript.
ECMAScript doesn't expose a modulus operator nor define a method of modularising applications.
In short, it's a hack lacking in almost every meaningful way the basic utilities one takes for granted in languages invented after COBOL, it's neither portable nor well-specified, both of which gave C its longevity.
Being used by people who don't know any better is hardly a reason to drag C's good name into the gutter.
Exactly! Is it any wonder that pages take so long to load when shitty little bits of code any beginner could knock up have to be dragged in as *live* dependencies from some 3rd party server? WTF are these people thinking? FFS, this left-pad thing was one of the exercises in BASIC programming in GCE "O" level Computer Studies (No kids, that wasn't a mistake, GCE predates GCSE, yes THAT long ago) back in about 1979 when I took the exam.
For that matter, WHY are there even code snippets like that even made available for live linking? No one could possibly own any IP on such a simple and obvious technique.
Yeah, it's not 2005 anymore. No production webapp is built that way. If yours is, you've got some shitty Web devs on your hands. You need to give them a week to learn what a gulp plugin is, or they're fired.
Did you not even bother to read this comment thread before adding to it? This has already been pointed out. Left-pad was not being "live linked", but pulled in as a static dependency at build-time. This did not "break the Web", it broke nightly builds.
Get down off your high horse before you get a nose bleed.
So, what you're saying is that your organisation's software development process can be stopped at any time by a third-party in a different jurisdiction. I'd love to have the kind of Programme Manager who'd hear that and say "Oh, the builds are broken? Because a guy in XYistan broke a module? And he's not answering his mails? That's fine. I'll tell the client that the service won't ship until an indefinite date in the future, and you guys can all go home early.."
The purpose of any build system is to produce repeatable outputs from your source-code, and to provide an audit trail for your releases. Repeatable is hard when you effectively do Lucky Dip dependency resolution. A build-system worthy of its name can check out any previous release of software by ID, and produce a binary-identical output product to that. A build process is language independent: you might need different tools, but using a particular language for development doesn't magically absolve you from responsibility.
Live-downloading isn't a "static dependency". "static" means "not moving", and you cannot guarantee that from a remote resource. You can barely even guarantee that if it's your dynamically-fetched resource. (Versioning components doesn't help you; you're still relying on strangers to not change code without re-versioning...)
So, if you're live-downloading every time you make a build, explain to me how you guarantee that those remotely-fetched dependencies don't dramatically change between the developer writing the unit tests, and your automated build system running them? There's a good way to waste development time. Also, how do you guard against someone maliciously injecting a backdoor into that crypto class you download every time you make a build?
More to the point (and this is the real reason companies spend money on revision control and build systems): Imagine it's next year, and you're being sued for doing something nasty, and to provide evidence of your innocence, you've got to set up a server with your company's software the way it was on the day of the alleged offence. How the hell are you going to rebuild it? Wayback Machine? Well done, you've just handed their lawyer the downpayment on a yacht.
ALL dependences used by a project must be accounted for. If you're not doing that, you're just wasting time and effort - you've got a glorified compiler/packager that offers no better consistency or auditing than just deploying straight off a developer's workstation.
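The guard the comment above asks for, pinning a dependency's contents rather than trusting its version number, sketched as an added example that is not part of the thread or of any package manager's code. It records an SRI-style digest for each reviewed artifact and fails the build when a fetched artifact is missing, changed under the same version, or was never pinned; the package names, versions and contents are constructed.

```javascript
const { createHash } = require('node:crypto');

const ALLOWED = ['sha256', 'sha384', 'sha512'];

// SRI-style digest string ("sha512-<base64>") over an artifact's bytes.
function sri(bytes, algo = 'sha512') {
  return `${algo}-${createHash(algo).update(bytes).digest('base64')}`;
}

// Compare fetched artifacts against digests recorded when the code was reviewed.
// Returns a list of problems; an empty list means the build inputs are unchanged.
function verifyPins(pins, fetched) {
  const problems = [];
  for (const [id, expected] of Object.entries(pins)) {
    const algo = expected.split('-')[0];
    if (!ALLOWED.includes(algo)) {
      problems.push({ id, reason: 'unsupported-pin' });
    } else if (!Object.prototype.hasOwnProperty.call(fetched, id)) {
      problems.push({ id, reason: 'missing' }); // unpublished or unreachable
    } else if (sri(fetched[id], algo) !== expected) {
      problems.push({ id, reason: 'digest-mismatch' }); // same version, new bytes
    }
  }
  for (const id of Object.keys(fetched)) {
    if (!Object.prototype.hasOwnProperty.call(pins, id)) {
      problems.push({ id, reason: 'unpinned' }); // dependency nobody reviewed
    }
  }
  return problems;
}

// Constructed sample data: package name, version and contents are illustrative.
const ID = 'left-pad@1.0.0';
const reviewed = Buffer.from('module.exports = (s, n, c) => String(s).padStart(n, c);');
const republished = Buffer.from('module.exports = (s, n, c) => { /* altered */ };');
const PINS = { [ID]: sri(reviewed) };

function demo() {
  return {
    clean: verifyPins(PINS, { [ID]: reviewed }),
    tampered: verifyPins(PINS, { [ID]: republished }),
    unpublished: verifyPins(PINS, {}),
    extra: verifyPins(PINS, { [ID]: reviewed, 'other-lib@2.0.0': republished }),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Keeping the pinned digests in revision control next to a local copy of the artifacts is what lets an old release be rebuilt from the same inputs.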
>Left-pad was not being "live linked", but pulled in as a static (static eh?) dependency at build-time. This did not "break the Web", it broke nightly builds.
>Get down off your high horse before you get a nose bleed.
Way to reinforce the original poster's overall point Mr. Web "Developer". At least your UI follows whatever web 3.0 industry design guidelines are in fashion currently with the hipster millennials eh?
Oh yeah, you read an article and you are advising developers on how to organize their work, really? Do you have any comprehension of how the entire stack works and what was actually deleted and loads from where? yeah that webpage you made in 98.... You are demonstrating your profanity - you have no idea of how expensive it is to produce production quality, reusable code. The reason why the open source community exists is because it is efficient and reliable.. but yeah script kids, playing jenga code.
"This situation made me realize that NPM is someone’s private land where corporate is more powerful than the people"
So he moved to github lol.
Oh please, 30 years ago was 1986, the year the Spectrum 128 and BBC Master 128 were released, they were hardly long in the tooth then, 4 years old in the case of the Speccy, 5 in the case of the Beeb.
Still a great fan of both platforms, the Sinclairs for bringing computing to people who couldn't otherwise afford it and the BBC for creating an excellent machine with a structured basic, an understandable accessible OS and a proper assembler, in ROM.
Still have one of each set up here (although rather modified/expanded to make use of modern storage solutions, CF and Ethernet in the case of the Speccy, SD in the case of the BBC (Bit banged SPI using the user VIA to do SD access)), if curious see: http://kupo.be/tpics/oldsystems20160307.jpg
Actually Basic was introduced into classes at Dartmouth College 52 years ago, and I suspect that padding a string on the left was something that cropped up in class within the first couple of years of using it as a teaching language. By the mid-70s it was used all over the place. So I think 40 years ago is more likely than 30, and it's quite likely that it turned up in a tutorial developed at Dartmouth 50 years ago.
"What's wrong with a repeat string function then right(lengthNeeded)?"
String.prototype.repeat didn't officially exist until last year. Yes it can be done more efficiently than repeatedly adding a single string together. (Mine takes no more than 2 × log2(N) concatenations to produce N repeats.) But typical paddings are a handful of characters, so that's probably as efficient as anything: remember we are on 64 bit machines where you can have 8 utf8 characters in a single register; concatenation is just bit shift and bitwise-or.
>Thankfully I wrote my own padStart function
This chimes with me as well. How often, in Python/Django you see an SO question that requires 20-30 lines of code.
With the recommendations to pip in package XYZ that does it for you. Now you have an external dependency for something super trivial.
JS should really tweak some basic stuff though. Even the humble sprintf seems missing. I use Handlebars for that now* but it's like swatting a fly with Yamato's 18"s.
* and mostly for templating
I really hope this gets more attention.
I hope this gains more attention because things where "Oh you can't have the word scrolls", "nice letters there.... they're ours" shouldn't be a problem when there's no chance of mixup or they're in totally different areas.
Posted AC because I never know how you guys are gonna react. Volatile gits.
PS: I wish the NPM guys put up more of a fight.
It would have been truly karmic justice if by removing the NPM code, Kik's own website went down. Do they have a website? I have no idea, it just isn't worth the bother to look at them.
Not that I would ever use them anyway as I'm quite happy with the apps I have, and I am rather unimpressed by how they took this on. Overzealous lawyers are IMHO more a corporate risk than a benefit.
Biting the hand that feeds IT © 1998–2019