When "Everything" Becomes Too Much: The npm Package Chaos of 2024 - Socket
socket.dev
An NPM user named PatrickJS launched a troll campaign with a package called "everything," which depends on all public npm packages.

Is that still a valid argument in 2024? The standard library has grown since the leftpad scandal. JS does have standard leftpad now.

It’s a genuine question; I no longer write JavaScript for a living.

Compared to other languages it’s still very barebones – but admittedly some of the bloat is also because the JS world is kinda set in its ways. I still see people use jQuery for basic selector queries and SASS for basic CSS variables.

Another factor is that developers these days assume that users have fast unmetered connections. Loading 800 kB of minified gzipped JS from ten different domains is seen as no big deal. When the cost of adding piles of dependencies is considered nil there’s no impetus to avoid them.

That last point truly bothers me, too. It’s fine to have a bloated work environment (some people use Visual Studio, after all). But that complexity should not get offloaded to your users. Webdevs need to do better on this front, it’s not 2015 anymore.
