When "Everything" Becomes Too Much: The npm Package Chaos of 2024 - Socket
socket.dev
external-link
An NPM user named PatrickJS launched a troll campaign with a package called "everything," which depends on all public npm packages.

It’s saner, not perfect. With virtualenvs it does basically what you describe except that it re-downloads everything for every virtualenv, but that does not typically matter much since it’s not downloading a billion dependencies.

With NPM there’s no choice but to have hundreds of duplicates installed for every project, that’s not just inefficient but it is a security, maintainability, and auditability nightmare.

NPM is definitely saner for that use case because it works out of the box. Pip is not because it is based on shakier foundations. With NPM, you don’t get to a point where you rely on things to work correctly, and they suddenly don’t and you have trouble understanding why. And it does not force me to look at its nuts and bolts to allow me to work with it.

I can afford big node_modules directories, even if it’s not optimal. It’s still small compared to the cruft I’ve accumulated on other projects I’ve worked on with other technologies. Remember the order of priority of things: make it work >> make it efficient. Software engineering is about delivering software, it’s not an art. It doesn’t have to be pretty everywhere.

I will concede that NPM is not perfect. Despite its flaws, I love how Conan solves the issue we’re talking about.

Create a post

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person’s post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you’re posting long videos try to add in some form of tldr for those who don’t want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



  • 1 user online
  • 1 user / day
  • 1 user / week
  • 1 user / month
  • 1 user / 6 months
  • 1 subscriber
  • 1.21K Posts
  • 17.8K Comments
  • Modlog