
source link: https://www.reddit.com/r/ProgrammerHumor/comments/75txp4/nodejs_dependency_hell_visualized_for_the_first/
Posted by u/[deleted] · 5 years ago

Node.js dependency hell, visualized for the first time on GitHub!

level 1

Needs to play something fitting in the background.
Like O Fortuna.

level 2

Would this work? Sadly the dep hell video is a bit too short. If you play it at half speed, it works perfectly, though.

level 1

Can someone explain what I'm looking at?

level 2
[deleted]
· 5 yr. ago

This is the new "Dependency Graph" feature on GitHub. It shows the dependencies of a JavaScript or Ruby project based on its package.json or Ruby's equivalent. This video is scrolling through an expanded view of Riot's deps - https://github.com/vector-im/riot-web/network/dependencies

level 2

someone that doesn't know how gitignore works...

level 1

I call shenanigans - there are way too many circular dependencies on that graph.

Spez edit: Ahhhh - looks like it's mixing up dev dependencies with runtime dependencies. By that logic pretty much every properly-written JS codebase in the world is going to be dependent on mocha/jasmine, eslint/eshint, grunt/gulp/webpack, etc, etc, etc.

It's like listing Visual Studio and all its DLLs and Windows as the dependencies for every Windows C/C++/C# program in the world - it's basically meaningless.

level 2

Well, now that Windows has a subsystem for Linux, you might as well add Ubuntu and every dependency it has as well

level 1

Non v.reddit mirror?

level 1

Dependency circle?

level 2
[deleted]
· 5 yr. ago

Dependency recursion...

level 1

I just don't understand why this sub likes to shit so much on NPM. As far as I'm concerned, it's the best thing that happened to JS since Firefox.

Generally, you'd like to avoid copying and pasting code, so you write small, reusable blocks. In some languages, that's how classes and inheritance work: when you'd like to add some functionality to it, you create an interface and import it everywhere instead of writing the same code multiple times.

In the case of JavaScript, modules do the exact same thing. There is no magic around classes, methods, or functions; everything is a variable, and with modules, you pass those variables around. It's a bit different because in JS using composition makes much more sense than inheritance, but that's just an implementation detail; the basic principle is the same. You write your code once, and import it everywhere.

The difference between NPM and libraries in languages like C is that NPM modules are much smaller and fine-grained. While in C you may have a few static-linked libraries that export huge packs of features, on NPM, most packages are simple single-use solutions, and even the others are built up from that. Using them is not the refusal to solve your own problems, it's the efficiency of just importing the solution instead of duplicating code across projects, globally.

Even larger libraries like express break up their code into small packages and then use them (for example cookie, escape-html, and path-to-regexp are all dependencies of express and also useful on their own) because this way it's not a huge monolithic library but a bunch of tiny lego bricks which you can take and reshape as you see fit.

I honestly see no problem with this. On my computer, NPM sometimes handles more packages per project than apt-get does system-wide, and I have yet to run into incompatibility issues (when semver is used correctly). It's the most advanced solution to code deduplication I've seen so far.

The bug on the image is just GitHub handling circular dependencies incorrectly. When installed, dependencies are only placed within the dependent package if multiple different versions of a single package are required.
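
The two resolution rules discussed in this thread, that devDependencies are installed for the root project only (the point raised in the "I call shenanigans" comment), and that a dependency is nested inside the dependent package only when a second, conflicting version is required (the point in the comment above), can be seen in a small model. The following is an added example, not code from the thread or from npm itself: the registry, package versions and edges are all constructed, and the familiar names (express, cookie, mocha, eslint) are used only as labels. Following every package's devDependencies, as the grapher is suspected of doing, produces the circular mocha/eslint edge; npm's own rule does not.

```javascript
'use strict';

// Constructed registry for this example: "name@version" -> manifest fields.
// Versions and edges are made up and do not describe the real packages.
const REGISTRY = {
  'app@1.0.0':         { dependencies: { express: '4.0.0', leftpad: '1.0.0' },
                         devDependencies: { mocha: '5.0.0' } },
  'express@4.0.0':     { dependencies: { cookie: '0.3.0', 'escape-html': '1.0.0' },
                         devDependencies: { mocha: '5.0.0', eslint: '4.0.0' } },
  'cookie@0.3.0':      { dependencies: {}, devDependencies: { mocha: '5.0.0' } },
  'escape-html@1.0.0': { dependencies: { leftpad: '2.0.0' }, devDependencies: {} },
  'leftpad@1.0.0':     { dependencies: {}, devDependencies: {} },
  'leftpad@2.0.0':     { dependencies: {}, devDependencies: {} },
  'mocha@5.0.0':       { dependencies: { eslint: '4.0.0' }, devDependencies: {} },
  'eslint@4.0.0':      { dependencies: {}, devDependencies: { mocha: '5.0.0' } },
};

function manifest(id) {
  const m = REGISTRY[id];
  if (!m) throw new Error(`unknown package ${id}`);
  return m;
}

function splitId(id) {                       // "name@version" -> [name, version]
  const at = id.lastIndexOf('@');
  return [id.slice(0, at), id.slice(at + 1)];
}

// Outgoing edges of a package. npm installs devDependencies of the root
// project only (opts.rootDev); opts.devEverywhere imitates a grapher that
// follows every package's devDependencies, which the thread suspects.
function edges(id, isRoot, opts) {
  const m = manifest(id);
  const deps = { ...m.dependencies };
  if ((isRoot && opts.rootDev) || opts.devEverywhere) Object.assign(deps, m.devDependencies);
  return Object.entries(deps).map(([name, version]) => `${name}@${version}`);
}

// Every package that ends up installed for `root`, sorted, root excluded.
function installSet(root, opts = {}) {
  const seen = new Set([root]);
  const stack = [root];
  while (stack.length) {
    const id = stack.pop();
    for (const dep of edges(id, id === root, opts)) {
      if (!seen.has(dep)) { seen.add(dep); stack.push(dep); }
    }
  }
  seen.delete(root);
  return [...seen].sort();
}

// Cycle detection: depth-first search; an edge back to a node that is still
// on the current path closes a cycle. Returns each cycle as a list of ids.
function findCycles(root, opts = {}) {
  const state = new Map();                   // id -> 'open' | 'done'
  const path = [];
  const cycles = [];
  (function visit(id) {
    state.set(id, 'open'); path.push(id);
    for (const dep of edges(id, id === root, opts)) {
      if (state.get(dep) === 'open') cycles.push([...path.slice(path.indexOf(dep)), dep]);
      else if (!state.has(dep)) visit(dep);
    }
    path.pop(); state.set(id, 'done');
  })(root);
  return cycles;
}

// Hoisted layout: the first version of a name met in breadth-first order is
// placed at top-level node_modules; only a *different* version is nested under
// the package that requires it. (Real npm also reuses a copy found in a nested
// ancestor directory; that refinement is omitted here.)
function layout(root, opts = {}) {
  const hoisted = new Map();                 // name -> version at top level
  const placed = {};                         // install path -> version
  const visited = new Set([root]);
  const queue = [[root, '']];                // [id, directory the package lives in]
  while (queue.length) {
    const [id, dir] = queue.shift();
    for (const dep of edges(id, id === root, opts)) {
      const [name, version] = splitId(dep);
      let where;
      if (!hoisted.has(name)) {
        hoisted.set(name, version); where = `node_modules/${name}`;
      } else if (hoisted.get(name) === version) {
        continue;                            // satisfied by the hoisted copy
      } else {
        where = `${dir ? dir + '/' : ''}node_modules/${name}`;   // conflict: nest it
      }
      placed[where] = version;
      if (!visited.has(dep)) { visited.add(dep); queue.push([dep, where]); }
    }
  }
  return placed;
}

console.log(installSet('app@1.0.0', { rootDev: true }));
console.log(findCycles('app@1.0.0', { devEverywhere: true }));
console.log(layout('app@1.0.0', { rootDev: true }));
```

With `rootDev` the install set has seven packages and no cycle, and `layout` puts leftpad 1.0.0 at top level with leftpad 2.0.0 nested under escape-html; with `devEverywhere` the same registry yields the cycle mocha → eslint → mocha, which is the kind of edge the graph in the video is full of.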

level 2

To me, NPM is a security risk. To date, NPM still has no way to sign packages like we do for Linux distro packages. NPM has also led to typo-squatting packages that can compromise projects. Not to mention the time a lot of dependencies broke from a dev pulling packages.
