

Node.js dependency hell, visualized for the first time on GitHub! : ProgrammerHu...
source link: https://www.reddit.com/r/ProgrammerHumor/comments/75txp4/nodejs_dependency_hell_visualized_for_the_first/

Node.js dependency hell, visualized for the first time on GitHub!
Needs to play something fitting in the background.
Like O Fortuna.
Would this work? Sadly the dep hell video is a bit too short. If you play it at half speed, it works perfectly, though.
Can someone explain what I'm looking at?
This is the new "Dependency Graph" feature on GitHub. It shows the dependencies of a JavaScript or Ruby project based on its package.json or Ruby's equivalent. This video is scrolling through an expanded view of Riot's deps - https://github.com/vector-im/riot-web/network/dependencies
someone that doesn't know how gitignore works...
I call shenanigans - there are way too many circular dependencies on that graph.
Spez edit: Ahhhh - looks like it's mixing up dev dependencies with runtime dependencies. By that logic pretty much every properly-written JS codebase in the world is going to be dependent on mocha/jasmine, eslint/eshint, grunt/gulp/webpack, etc, etc, etc.
It's like listing Visual Studio and all its DLLs and Windows as the dependencies for every Windows C/C++/C# program in the world - it's basically meaningless.
Well, now that Windows has a subsystem for Linux, you might as well add Ubuntu and every dependency it has as well
Non v.reddit mirror?
Dependency circle?
Dependency recursion...
I just don't understand why this sub likes to shit so much on NPM. As far as I'm concerned, it's the best thing that happened to JS since Firefox.
Generally, you'd like to avoid copying and pasting code, so you write small, reusable blocks. In some languages, that's how classes and inheritance work; when you'd like to add some functionality to it, you create an interface and import it everywhere, instead of writing the same code multiple times.
In the case of JavaScript, modules do the exact same thing. There is no magic around classes, methods, or functions, everything is a variable, and with modules, you pass those variables around. It's a bit different because in JS using composition makes much more sense than inheritance, but that's just an implementation detail, the basic principle is the same. You write your code once, and import it everywhere.
The difference between NPM and libraries in languages like C is that NPM modules are much smaller and fine-grained. While in C you may have a few static-linked libraries that export huge packs of features, on NPM, most packages are simple single-use solutions, and even the others are built up from that. Using them is not the refusal to solve your own problems, it's the efficiency of just importing the solution instead of duplicating code across projects, globally.
Even larger libraries like express break up their code into small packages and then use them (for example cookie, escape-html, and path-to-regexp are all dependencies of express and also useful on their own) because this way it's not a huge monolithic library but a bunch of tiny lego bricks which you can take and reshape as you see fit.
I honestly see no problem with this. On my computer, NPM sometimes handles more packages per project than apt-get does system-wide, and I have yet to run into incompatibility issues (when semver is used correctly). It's the most advanced solution to code deduplication I've seen so far.
The bug on the image is just GitHub handling circular dependencies incorrectly. When installed, dependencies are only placed within the dependent package if multiple different versions of a single package are required.
To me, NPM is a security risk. To date, NPM still has no way to sign packages like we do for Linux distro packages. NPM has also led to typo-squatting packages that can compromise projects. Not to mention the time a lot of dependencies broke from a dev pulling packages.