Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Seriously amazing how some people just contribute that much to open source:
https://www.npmjs.com/~sindresorhus
https://patreon.com/sindresorhus/
"I actively maintain 1100+ npm packages (1 billion downloads a month) and many popular projects. You're probably depending on some of my packages in your dependency tree. For example, Webpack relies on 77 of my packages."
11 -
Laziest thing!!!??? You better ask me when I was not lazy. Framework here framework there, library here library there.
npm install 29282818 packages
Bye -
$ npm audit
> found 19 vulnerabilities (10 low, 5 moderate, 3 high, 1 critical)
$ npm audit fix
> fixed 0 of 19 vulnerabilities in 11987 scanned packages
> (use `npm audit fix --force` to install breaking changes; or do it by hand)
$ npm audit fix --force
> npm WARN using --force I sure hope you know what you are doing.
Me too, buddy. Me too.1 -
Hey look, npm broke my project again. Surprise!
Code and dependencies on my local machine, all untouched for a couple of weeks, no longer works. I've no idea how it even managed that.
Oh, and `npm update` crashes.
eventually solved by upgrading npm and running `npm update --depth 500` because some arbitrary child dependencies changed without updating the parent packages, ofc. on my local machine. without me having run `npm update` for about a month.
because of course that makes sense.
Second time in two months, too.
isn't npm great?3 -
I'm investigating PRs for a super legacy codebase. Someone else already approved the PRs -- somebody who has never even run the code or had the project set up before.
The codebase hasn't been touched in two years, and it hasn't been updated in four. It's using CoffeeScript, Node v0, Electron v0.30, and Angular 1.x. I obviously don't have a dev environment anymore, either, and my previous dev env was on Windows, so I'll have to translate my custom build utilities from batch to bash (or much more likely: node).
To make matters worse: the PRs break both the initial project setup and the project itself (NPM can no longer find some installed packages, among other problems). And. someone already merged them into master. So: fuck.
I'm going to yell at the author and tell him to fix his shit. Why? Because when I check out my last commit prior to his PRs, everything works perfectly. Surprise!
I was so done with this project two and a half years ago. I'm still so done with it. I just don't want to maintain this anymore, or honestly even look at it. I would happily rebuild the project from scratch, but updating it from the days of IE8? No way.9 -
FUCK NODEJS
FUCK NPM
FUCK ANGULAR
FUCK ALL THOSE FUCKIN PACKAGES
FUCK THIS PILE OF CRAP MAKING ME WASTE MY TIME13 -
When you have dependency issues and can't work it out...
Just run
#npm install all-packages
And wait a millennia
https://npm.io/package/...
6 -
$ npm install ...
$ added 10 packages from 7 contributors and audited 21813 packages.
I realized that after some point you don't even think about your project dependencies growing. Because even adding 10 packages, it looks like it doesn't even changes the total number of packages. 21813, 21920, 21980... Does it even matter? Fuck.7 -
Don't you just hate where we're going forward with these different JS frameworks and packages? WebPack, Electron and all the other ways we try to use JS for desktop development and a simple build of a tiny project taking 10 mins on an average spec core i7 machine, then overdosing on npm install since every frikn thing is now so modular you donwload a gazillion packages just to set up user authentication with a simple route manager in your app.
JavaScript is fine really for certain purposes. It's these other frameworks that try to modularize every single aspect of it that sucks. If there's anything called too modular, JS has reached it now. over-modularizing, and over-complicating everyday trivial tasks just to introduce yet another frikn package or framework.
Really missing the good'ol monolithic days of programming. I mean, modular is fine bro, but for godsakes draw the line somewhere!
#NoMoreOneLineModules3 -
Him: "I don't need source control, it's just another program that does unknown things on my source files. What if one day it stops working?? How do I get my files??"
Me: "you could say the same thing on 90% of the tools you use every day... Like when you restore npm packages by GUI"
him: "what are those? I don't use them"
Also him: "command line is vintage"2 -
Love it when you open up a frontend devs project and among some 50 included npm packages for a really simple project you see this
18 -
TL;DR, I do node.js now.
__________________
There's much I was working on the past weeks. First of all some of you may know I don't work in IT and therefore always am learning how to make things easier in my workspace with tech. And my boss once told me how annoyed he is converting stuff to PDF for easier sending via mail.
Then I started to build PDF converter with
PHP and the Laravel framework. My first steps into it succeeded and I could even deploy my Pdf-wizard website, but everything feels like a hustle and making this application bigger don't really seems like a enjoyable task for me.
I tried the same stuff with Node.js then. It was damn good. It was simple, because there are plenty of packages wich do this tasks on NPM. Afterwards I spent some time on doing research and ended up learning Express Framework.
This brought new inspiration to me and I wanted to share this with you guys.1 -
Have any JabbaScripters ever heard of backwards compatibility?
Nope. Because all the shit on NPM is written by 15-year olds who don't know how to code properly, not to say maintain their packages.
Fuck you.6 -
How I wasted my Sunday:
A programmer I know claimed that his Nodejs app was lightweight since it only relied on 2 dependencies (express and mongodb)
So I wrote a script to recursively transverse the npm dependency tree and count the number of dependencies there actually is
Installing those 2 packages alone means your app depends on 73 pieces of software in total
In conclusion, nothing written in Node is ever lightweight
Oh yeah, it was also Easter I guess8 -
Facebook: Ok, so we have this really cool idea for native Android and iOS app with React
Devs: Nice!
Facebook: Its gonna take away the need to work with native code!
Devs: Great!
*Reality comes in*
Reality: To make anything work you need to modify native code and use more hacks than there are useless npm packages18 -
young user @Mizukuro asked days ago for ways to improving his javascript skills.
I wasn't sure what to say at the moment, but then I thought of something.
Lodash is the most depended upon package in npm. 90k packages depend on it, more than double than the second most depended upon package (request with 40k).
Lodash was also created 6 years ago.
This means lodash has been heavily tested, and is production ready.
This means that reading and understanding its code will be very educational.
Also, every lodash function lives in its own file, and are usually very short.
This means it's also easy to understand the code.
You could start with one of the "is..." (eg isArray, isFunction).
The reason for such choice is that it's very easy to understand what these functions do from their name alone.
And you also get to see how a good coder deals with js types (which can be very impredictible sometines).
And to learn even more, read the test file for that function (located in tests/<original file name>.js. For the most part they are very readable and examples of very good testing code.
Here's the isFunction code
https://github.com/lodash/lodash/...
Here's the test for isFunction
https://github.com/lodash/lodash/...
The one thing you won't learn here is about es5, 6, or whatever.3 -
-> Contribute to Zulip's mobile app on github.
-> Contribute to babel.
-> Build 5 npm packages.
-> Dive into Haskell.
-> Have 100,000 ++s on devRant😁
-> Make a private project I built on github public.(still thinking about it).4 -
Running a fucking conda environment on windows (an update environment from the previous one that I normally use) gets to be a fucking pain in the fucking ass for no fucking reason.
First: Generate a new conda environment, for FUCKING SHITS AND GIGGLES, DO NOT SPECIFY THE PYTHON VERSION, just to see compatibility, this was an experiment, expected to fail.
Install tensorflow on said environment: It does not fucking work, not detecting cuda, the only requirement? To have the cuda dependencies installed, modified, and inside of the system path, check done, it works on 4 other fucking environments, so why not this one.
Still doesn't work, google around and found some thread on github (the errors) that has a way to fix it, do it that way, fucking magic, shit is fixed.
Very well, tensorflow is installed and detecting cuda, no biggie. HAD TO SWITCH TO PYHTHON 3,8 BECAUSE 3.9 WAS GIVING ISSUES FOR SOME UNKNOWN FUCKING REASON
Ok no problem, done.
Install jupyter lab, for which the first in all other 4 environments it works. Guess what a fuckload of errors upon executing the import of tensorflow. They go on a loop that does not fucking end.
The error: imPoRT eRrOr thE Dll waS noT loAdeD
Ok, fucking which one? who fucking knows.
I FUCKING HATE that the main language for this fucking bullshit is python. I guess the benefits of the repl, I do, but the python repl is fucking HORSESHIT compared to the one you get on: Lisp, Ruby and fucking even NODE in which error messages are still more fucking intelligent than those of fucking bullshit ass Python.
Personally? I am betting on Julia devising a smarter environment, it is a better language already, on a second note: If you are worried about A.I taking your job, don't, it requires a team of fucktards working around common basic system administration tasks to get this bullshit running in the first place.
My dream? Julia or Scala (fuck you) for a primary language in machine learning and AI, in which entire environments, with aaaaaaaaaall of the required dlls and dependencies can be downloaded and installed upon can just fucking run. A single directory structure in which shit just fucking works (reason why I like live environments like Smalltalk, but fuck you on that too) and just run your projects from there, without setting a bunch of bullshit from environment variables, cuda dlls installation phases and what not. Something that JUST FUCKING WORKS.
I.....fucking.....HATE the level of system administration required to run fucking anything nowadays, the reason why we had to create shit like devops jobs, for the sad fuckers that have to figure out environment configurations on a box just to run software.
Fuck me man development turned to shit, this is why go mod, node npm, php composer strict folder structure pipelines were created. Bitch all you want about npm, but if I can create a node_modules setting with all of the required dlls to run a project, even if this bitch weights 2.5GB for a project structure you bet your fucking ass that I would.
"YOU JUST DON'T KNOW WHAT YOU ARE DOING" YES I FUCKING DO and I will get this bullshit fixed, I will get it running just like I did the other 4 environments that I fucking use, for different versions of cuda and python and the dependency circle jerk BULLSHIT that I have to manage. But this "follow the guide and it will work, except when it does not and you are looking into obscure github errors" bullshit just takes away from valuable project time when you have a small dedicated group of developers and no sys admin or devops mastermind to resort to.
I have successfully deployed:
Java
Golang
Clojure
Python
Node
PHP
VB/C# .NET
C++
Rails
Django
Projects, and every single fucking time (save for .net, that shit just fucking works on a dedicated windows IIS server) the shit will not work with x..nT reasons. It fucking obliterates me how fucking annoying this bullshit is. And the reason why the ENTIRE FUCKING FIELD of computer science and software engineering is so fucking flawed.
But we can't all just run to simple windows bs in which we have documentation for everything. We have to spend countless hours on fucking Linux figuring shit out (fuck you also, I have been using Linux since I was 18, I am 30 now) for which graphical drivers for machine learning, cuda and whatTheFuckNot require all sorts of sys admin gymnasts to be used.
Y'all fucked up a long time ago. Smalltalk provided an all in one, easily rollable back to previous images, easily administered interfaces for this fileFuckery bullshit, and even though the JVM and the .NET environments did their best to hold shit down, and even though we had npm packages pulling the universe inside, or gomod compiling shit into one place NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO we had to do whatever the fuck we wanted to feel l337 and wanted.
Fuck all of you, fuck this field, fuck setting boxes for ML/AI and fuck every single OS in existence2 -
"How much of a dev are you, if you use other peoples work and just glue it together?" I once asked a friend who really loves npm and everything.
I know about code reuse and maintainability and all that but geez we had a long discussion..😅5 -
Gotta love npm open source packages
A developer appears to have purposefully corrupted a pair of open-source libraries on GitHub and software registry npm — “faker.js” and “colors.js”
https://snyk.io/blog/...
https://theverge.com/platform/amp/...
https://github.com/Marak/colors.js/...16 -
I like js and node in general.
But there's this thing I hate about NodeJs...
The blogs. The goddamn blogs.
Every goddamn blog post. Is code. Dozens of lines of code.
Oh, so you want X feature? Just copy paste this shit.
I swear to god, blog posts are the source versioning system to these people.
What they should instead is
a) Create a package.
b) Add tests to it.
c) Present the package to the reader with some minimal code.
But I'm a getting a huge impression that node blog writers want you to copy the code in their post, paste it in your project, and be happy with it.
Now, I'm not assuming that every person posting in medium.com is a software engineer (and by engineer I mean an engineer, not some fuckwad who begs for github stars on dev communities).
The problem to me is that they fucking SATURATE the goddamn search results.
The same goes for finding an npm package for your need, because there are so many low quality packages it's saturated too, you have too plow this stinking pile of projects that have very low quality,
and there's not a really good npm finder out there. Half of them are dead, some look and load like shit, and npm search has a low barrier for good code.
Me on rails, OTOH "ok, I need this thing", I google that and I swear to [-∞,+∞] I find GOOD packages, well designed, no cookie cutter bullshit, no obscure marketing shit on the README.md, it is very clear what this shit does, and the api is designed for HUMANS.
and it actually takes very little time to know if there's no such package.
I don't have to read dozens of fucking my-fuck-blog.io (jesus christ, the io domain has become such a fucking joke, it got fucking abused to death, there are some cool sites out there using it, but my god, James H. Marketing likes to just absorb everything he can, and the internet was not going to be a fucking exception)
does all of this make sense?3 -
Beware of NPM packages maintained by Brandon Nozaki Miller alias RIAEvangelist. He added IP-specific malware to node-ipc.
https://security.snyk.io/vuln/...
https://github.com/RIAEvangelist/...16 -
NPM has this cool feature called "link" which allows you to easily link local npm packages as dependencies of other local packages for developement. It's so cool in fact that everything you run npm install it deletes all your links for fuck all reason1
-
Had an interesting application for a web / fs position the other day. Some guy in his 40s sent a CV, along with a bunch of 5+ years old reference letters (recommending him for things like PHP 5.3 and ExtJs 4). A bit outdated but okay.
And then, he put in a list of NPM packages he used. Not just relevant frameworks like Angular & React, or tools like Webpack and Babel. No. A list. Of. NPM. Packages. There were things like UUID there, which is literary a single function!2 -
I don't know what you did yesterday, but i did make my company throw away 2 months of progress.
It all started in the beginning, since that i've made numerous complaints about the workflow or code and how to improve it. I've been told off every time, and every time i either told the boss who agreed in the end or wrote code to prove myself. Everything was a hassle and my tasks weren't better.
Team lead: you'll do X now, please do that by making Y.
Me: but Y is insecure, we should do Z.
Team lead: please do Y
Later it turns out Y is impossible and we do Z in the end...
Team lead: please do W now
Me, a few days later: i've tried and their server doesn't give http cors headers, doing W in the browser is impossible
Team lead, a few days later: have you made progress on W?
Me: * tells again it's impossible and uploads code to prove it *
Team lead: * no response *
After that i had enough. Technically i still was assigned to do W, but i used my time to look over the application and list all the things wrong with it. We had everything, giant commits, commented out code, unnecessary packages, a new commit introduced packages that crashed npm install on non-macs, angularjs-packages even though we use angular, weird logic, a security bug, all css in one file even though you can use component-specific css files...
I sent that to my boss, telling him to let the backend-guys have a look at it too and we had a meeting about this. I couldn't attend but they agreed with me completely. They decided to throw away what we have already and to let one of the backend-guys supervise our team. I guess there will be another talk with the team lead, but time will tell.
It feels so good having hope to finally escape this hellish development cycle of badly defined task, bad communication and headache-inducing merges. -
Today in some onboarding meeting i was laughing my ass off.
We were setting up the development machines that we got from the client to work on via citrix.
You guys probably know, that when you put your npm projects too nested into your filesystem, that packages randomly start not behaving because of too long file names or path names and stuff like that. That seems to be a problem with all OS (to be fair i havent actively looked for a solution, but it happened to me on Windis and Linux, so i'm just assuming here)
but even more so for some packages on Windis, when the project is not running on the same fucking drive letter than where your OS is running on. Like... wtf?
Had two UI5 projects pulled, both of them on D:. The first npm install went through flawlessly, the second one has a number of random errors, me and the other dev didn't know what they were. So what i suggested is to move this project onto C: and try it again. Turns out that was exactly it. Et voila, npm install ran through without any hiccups..6 -
I don't remember/saw if somebody posted it in this much detail, but here's how one developer essentially showed how broken npm once again is, by just removing all his published packages, basically breaking thousands of other packages that depended on it, very interesting read, especially to understand how npm can't be relied on.
https://theregister.co.uk/2016/03/...
http://blog.npmjs.org/post/...
https://medium.com/@mproberts/...
https://arstechnica.com/information...4 -
Is programming a girls dream come true?
I want a package for something so I search NPM, 50 results.
I could spend a life time browsing, shopping for packages, trying them out to see if they fit.
It's all I bloody do these days.3 -
Me: does literally anything
Npm: breaks
Why NPM? Why must you do it? This is the third time this week on a third system. I just wanted to update so my packages would work. But nooooooo. Oh you wanna update? It'd be a real shame if I, I don't know, didn't update properly whatsoever and all of a sudden couldn't find any internal modules I need to run.
"Just use npm i npm@latest"
Yeah I would except for the whole I can't use NPM at all thing. even npm -v breaks. Can't find internal module. So I literally have to wipe eveey trace of npm/node and do a clean install.
It's so frustrating! I can't do any work because I spend all my damn time fuckin around with NPM.10 -
First Happy new year, now lets get put on the dancing shoes... (I have another one coming, but this one is fresh)
As a PHP developer (yeah I am and I like it, if you gonna hate on me... go fuck yourself) I expect to not be required to reinvent the wheel when I have to use something that is not too mainstream (in my case was producing JSON and XML HAL responses). Now there are 2 (fairly active and somewhat mature), one of which does not produce XML responses, so off I went with the other one, but for fucks sake it does not produce XML that is compliant with the (draft)RFC (https://tools.ietf.org/html/...)
So as I need that, I decided to write one myself, since extending the one that provided XML would've been a waste of time, since it is NOT documented and for some reason depends on about 4 packages (also developed by the same maintainer), why the whining you ask, eh? Well fuck this shit. It took me 2(+2 classes) to achieve everything (according to standard as far as I can tell) + went with using a "hydrator" as opposed to reflection (the lib used reflection and didn't care too much for the access modified on the property of the object being serialized) so got a pretty solid performance boost, cleaner and simple code (I wrote it for a few hours and it is ugly, but hey KISS and it works perfectly)...
So with the more ranty part of this rant... Why the fuck so many people don't write independant packages for the simple parts... I don't hate it when I need a package and end up downloading half of the codebase of symfony or whatever fancy framework the dev decided to use, wasn't it the point of having 'package managers' (composer, npm, etc.. you get the deal..) instead of promote our projects and not force others to use our favorite framework that is absolutely out of scope for their projects...
Fuck you, fuck me and fuck everybody... If this continues I will continue writing my own packages from scratch, because "you" asshole are too lazy to learn and apply SOLID and common sense; even if your life depends on it you cannot write a meaningful piece of code without "the fancy framework of the month" holding your hand and allowing you to continue being a dumbass that has enough brain cells to walk straight and remember that you have to go to the toilet and not shit all over the place....
FML.... Fuck this shit and that is the main reason my gears grind the most when I head "you should use *framework name* instead" or "don't reinvent the wheel", fuck that guy I refuse to work my ways around a framework in order to get things done, my boss aint happy for that shit you know, I don't get paid to deal with your crappy code or uninformed opinion..3 -
HOW COCKSUCKING DIFFICULT CAN IT BE TO CHANGE THE FUCKING MEMORY LIMIT FOR NPM PACKAGES?!
HOLY MOTHERFUCKING SHIT.6 -
I was talking to a friend about the current state of machine learning through tensorflow and commented about the use of Javascript as a language.
He discarded the idea as he views Javascript as something that should only be used as a frontend technology rather than something to build backends or deep learning models.
I am thorn. I have always liked Javascript but will admit that I have used it mostly in the area of front end with very few backend instances(i did create a full stack intranet app in Express once, major success for the application it was hosting, it was a very basic api which had its own nosql db with no need to interact with the company's relational data, it was perfect for the occasion and still help maintaining it from time to time)
My boi states that node's biggest issue has always been npm and the quality of packages. I always contradict those statements by saying that if one uses community standards and the best packages then one does not need to worry about the quality(i.e mongoose over some unmaintained mongo wrapper etc)
I sometimes catch myself finding that my way of thinking adapts better to JS than it even does Python (which is his preference for deep learning) and whilst there are some beastly packages for python in terms of quality and usefulness such as matplotlib etc that one can do great things with the equivalent JS.
I mean, tensorflow.js came from the same wizards that did tensorflow (obviously) and i find the functional approach of JS to be more on par with how we develop solutions.
I am no deep learning expert, and sadly I have no professional experience with machine learning. But I venture to say that we should not cast aside the great strides that the JS community has done to the language in terms of evolution and tooling. Today's Js is not your grandaddy's Js and thinking that the language is crippled because of early iterations of the language would be severely biased.
What do you guys(maybe someone with professional experience) think of Js as a language for machine learning?
Do you think the language poses something worth considering in terms of tooling and power for ml?2 -
I learned today I can "npm install" directly from a GitHub repo. This allowed me to create a React component (viewer of gLTF files) for a 3D game and share it with my team. I know I could've published it to npm registry, but I didn't want that since it's a very specific component for our project, and private npm packages are very pricy.
Hope this random !rant will be useful for someone wanting something similar. -
Been working with NodeJS a lot lately. Finding it really convenient and flexible. As someone who spent a lot of time using C, it's like going from eating fruit to candy bars. Seems pretty amazing just npm installing whatever you need and working with those packages... Until you dare to look at the list of ingredients.5
-
We've been using private GitHub repos as a distribution method for our personal npm packages at work for years.
I finally got sick of it and did the work to publish them to artifactory yesterday. Today, I worked out the remaining kinks, fixed the CI builds, and wrote a wiki page explaining the change with step by step migration instructions and sent it around to the rest of the devs. And it's working great!
I feel simultaneously like a hero for finally getting this fixed and an idiot for putting up with it for so long.
Also thankful for my devops friend who helped a bunch.1 -
I recently started a new job and wanted a way to use devrant on the office. Jsrant and xmlrant both work well but I wanted something on the cmd. There are some options, but what I found relied on npm or python, which I don't have installed on the company pc.
So to browse devrant on any platform and without having to install anything, I made this simple thing using .net core. I used an existing library (GitHub.com/olegrumiancev/devRantNetCore) so that's most of the work.
It's a really stupid app and I made it for my personal use but I'll share it here in case someone else finds it useful.
github.com/CristoferCD/devrant-cli
There are compiled packages for Windows and Linux as a release.3 -
Confession: I've been installing npm packages globally using sudo for years just because I'm too lazy to set it up properly.5
-
God, so tilted right now, after having to "urgently" (joke's on them, they will get charged the urgent rate) check why some deployments weren't working due to some npm dependencies not being found.
(Just from mentioning npm you surely think I'm gonna bash JS, but no!)
I'm tilted by TS devs that don't bother to learn the very basics of git pathspecs and just add "dist" to their .gitignore, not knowing that it's gonna exclude any file or directory named "dist" *ANYWHERE* in the project.
And when your poor CI pipeline tries to transfer the build artifacts (so, keeping the .gitignore excludes but manually including node_modules and dist), it excludes the dist dir in some packages and wrecks the deployment.
Please,, please, PLEASE.
if you want to:
A) Make your entry relative to the .gitignore...
Put a slash first.
B) make it only match directories and not files...
Put a slash last.4 -
Hi friends and others. There is a task I want to automate. I want to convert .docx files to .pdf and then minify those. Are there JavaScript libraries or npm- packages which can do that? Because I would like to use Gulp or Webpack for this task. I would not mind if external APIs are involved, but I would rather not use those if not required.
Pls share your wisdom. Bye.2 -
Hey guys,
I just released my first decent npm package: https://github.com/zzyyxxww/abides
It took more work than I expected and releasing it means a lot to me since I had a non existent portfolio before this.
I wrote it because I didn't like the de facto validators and I just wanted to do things my own way.
i know creating js packages is usually ridiculed, but at least I created this with a conscience and good code coverage.
thanks for reading.4 -
Why does everything installed via npm sux so hard?
Why the fuck does any minor update in their bullshit packages either forces you to change config files:
E.g. now should be "@babel/core" instead of "babel-core" - WHAT A FUCKING SIGNIFICANT CHANGE!!! Rewrite all you configs motherfucker, that goddamn "@" in front of our shit is SO IMPORTANT that we will break everything to add it
Or breaks the code internally:
Consider the recent fail of fucking Terser [https://github.com/gatsbyjs/gatsby/...] that breaks fucking webpack and FORCE YOU TO ROLLBACK TO ANY VERSION THAT WORKS, why you nerd retards, can not run a simple dummy project BEFORE YOU RELEASE YOUR SHIT???!?!!?
Why any fucking update from *.*.1 to *.*.2 turns into hours of googling of what the fuck got broken this time??
The way that webpack, babel and other npm packages are released nowadays is absolutely retarded. I really have a strong feeling that it is better to keep old error-proof working config and NEVER UPDATE, than constantly suffer from butthurt
p.s.
Of course I am sorry for all the hate and caps in my post, and have respect for guys that develop amazing stuff for us for free, but I need to share this5 -
NPM and the whole dependency tree for JS packages should burn in the pits of hell.
Let's pretend that uninstalling a single (albeit larger) module didn't take 8 minutes and that it didn't spit out 20 warnings from a total of 277 (HOLY FUCK) related packages.
How can you guys (JS-only devs) handle this ?!15 -
That's why we love NPM:
>npm install
*installing packages*
npm warn ........................
npm warn deprecated .....................
npm warn .......................
********** A million times more ***********
Oh it works! eh, just ignore every warning :)4 -
Rust's DX is incredible. I previously published a couple packages to NPM and every step of the way i had to fight with NPM, Webpack, Rollup, Typescript and the mass of third party plugins for all of these that wired them together. Here it's literally just
cargo publish5 -
It looks like packages on npm have "disappeared".
https://github.com/npm/registry/...
Gotta love javascript.2 -
Frontend Developers
checkout this awesome vanilla frontend boilerplate.
I always wanted something like this and never found one.
the main feature is -> PHP's include like feature. eg. create nav.html and use it in multiple places.
other notable feature -> bootstrap's grid (only grid, not whole bootstrap shenanigans) for responsiveness eg. .row, .col-11, etc
and npm install to use packages within the project.
plus more checkout.
https://github.com/MinSomai/...6 -
This guy named Tschache,Using a variation of typosquatting, he uploaded his code to 3 popular communities of developers–PyPi, RubyGems, NPM–and gave them names of the 214 most downloaded packages on.
As a result, over the span of few months, his sketchy code was executed on more than 17,000 domains and more than 45,000 times. Interestingly, more than half the time his code ran with complete administrative rights. His script was also found to affect .mil domains of the US military.
How cool he is!?
Source: http://incolumitas.com/data/...1 -
To the reactjs-centered fucks who develop the popular web component viewing software called storybook: have you ever heard about semver?
89 alpha/beta/rc releases for a minor update 6.3 -> 6.4 with "100's of fixes and enhancements" "in preparation of the HUGE 7.0 release". Gee I wonder will it have 1000's of bugfixes? How bug-ridden is this software?
Every minor upgrade since 5.x is backwards-incompatible and requires a day of frustration finding out in how many more fucking NPM packages you split your codebase just because it's cool. I know move fast and break things, but some of us have other things to do than resolving node_modules incompatibilities you know. "No just hit 'npx sb upgrade' you say". I did, I really did! And the browser showed a blank screen of death with tons of cryptic React errors, it really did! Thank God you abstracted away all your dependencies in that sb command, now you can't even read the docs about what could have gone wrong with a specific sub-package. You have @storybook/html but the docs redirect to React pages, so good luck if you use something else
This is so sad... like.. the IDEA of storybook is great. But why did faith put the capacity to develop such a tool into the hands of people who think the world centers around React and JSX.. HTML should have been the default, and then you build on top of that for your fav framework, not the other way around -
Spend the same amount of time looking for and testing existing npm packages as it would take to build something from scratch.
Nothing yet, but Boss is still certain that building our own is unnecessary.
😐 -
Developing front-ends used to be about translating a business use case to an interface. Now I spend days and weeks getting tooling to integrate properly: webpack, babel, React, Vue, SSR, Nuxt, NPM packages, build & CI pipelines, storybooks, and resolving incompatibilities. It's become such a grind I haven't had a single satisfying, productive workday since 4 months.2
-
First rant!
Ah, npm... Lots of packages use ES6 syntax because it's nice to write, and then transpile to node-compatible code either with CI or a precommit script. Just spent a whole day trying to figure out what was wrong with my project, when it turns out I just had to tell webpack to ignore node_modules *except* for this specific package. Sigh.2 -
git
Linux
VLC media player
Inkscape
LibreOffice
Metalsmith js
100's of low-level NPM packages I don't know the name of2 -
I don't know how any company can keep on top of crazy npm package changes. I work in a REALLY SMALL team. We are still using bunch of deprecated packages and we keep building on top of those packages. Updating packages is always a nightmare. It's impossible to Google solution when no one is using the particular combination of deprecated packages. Fuck me4
-
I've been working with Node and Typescript for a while now, and I wrote a wide array of very general utility functions. Examples include:
- Array.filter but you also get the residue array, it can also leave holes in both arrays if you want to join them later
- Array zipping and unzipping to and from tuples (especially valuable when you're manipulating the prop set with Object.entries() in a HOC
- Array maximum selection, with an optional mapper
- Cancelable promises, lazy promises, a promise that resolves when a given function on an object is called (excellent for DOM events), a timeout promise.
- A typed event with both immediate and microtask listeners depending on whether you need state guarantees (this idea I took from a Github gist and upgraded it)
I want to put them on NPM so I don't have to write them and their tests again, and so that if I ever think of an improvement it's easier to propagate it. Do you think I should release them as tiny individual packages which would be nice from a versioning standpoint, or should I make them into a compilation which would be a lot less work for me (and therefore would probably result in better documentation and more tests)?4 -
NPM modules are supposed to make us save our time, but very often, after hours and hours of juggling I end up write by myself those fucking functions.
And I'm not talking about unknown packages made by a bored guy in a lazy Sunday, I'm talking about fucking well known modules like passport. OH MY GOD. How much sucky is the passportJS documentation? There are fucking hundreds of options and they are not referenced anywhere if not on StackOverflow. When you login in a website thousands of things can go wrong, why the hell do you always send that shitty 401 and you don't let me control the code? They are two fucking days I'm trying to fix it and I realized I could write that function in 2 minutes if I just didn't use passport. FUCK7 -
Fuck all those special snowflake npm packages who each implement their own incomprehensible documents format and even make an ugly ass website full of lies for it.
Next to JavaScript, this is the biggest reason why I hate frontend development with a passion.2 -
Why does programming with JavaScript feel like infecting yourself with and the machine with AIDS? Use a script from some random cdn here, download 46578 npm packages with triple the critical vulnerabilities there.
It feels so disgusting10 -
Please share your thoughts on Dependabot security alerts on Github, more specifically for NPM packages in package-lock.json.
In 99% of cases I've found them useless as:
- package-lock.json is in the repo, but not in the NPM package (=no value to users)
- most of the updates relate to devDependencies (=no value to users)
- it clutters the git history (and changelog if it is auto-generated) with a batch of patch updates (updated depx to .1, .2, .3) while the only important thing in the next release notes is the delta (updated depx from .1 to .3) (=no value to users)10 -
#1 clean up the internet of domains, use those beautiful and fancy TLDs - blog, photography, gallery, cloud, house, gov, xxx
#2 more fanatical - clean the internet of cat / dog / [supposedly cute animal] pictures, and later - npm packages1 -
I just read about the npm dependency incident and was confused at how someone could create a package that brings so much dependency and simply have the right to delete it? How many other vital packages can be deleted?1
-
I just found another "npm install" meme in my Twitter feed. They don't seem to get old, ever.
And then I remember that Unity Package Manager is npm under the hood. I hope this is not the future of Unity packages.
https://twitter.com/ChrisArter/...1 -
Finally I understand the frustrations that is packages and dependencies in npm...
I have never really used node.js, only on windows to help develop a chrome plugin, but trying to do the same thing on Linux, omfg, how is it this bad?
On Windows I just ran the alias "npm start" and is figured out that it needed to install a bunch of stuff, did it and continued compiling.
On Linux I just got one missing dependencie after another... How is it that different?9 -
Do anyone of you use a npm registry server like verdaccio for caching of packages from npmjs.org?
Today I tried verdaccio within a local docker container.
I successfully connected via npm --registry <registry-url> install
There where no errors, but verdaccio kept delivering packages with 200.
Shouldn't it be 304 since the packages already exist in the storage folder of verdacio?
14 -
About to write (and publish) my first npm package with TypeScript. It's basically just for json stream writing because the existing packages suck and/or don't do what I need
Guess my actual project I need this for will have to take a bit longer now -
So yeah, need money so I started looking for extra projects to develop and found a project to make "the new facebook" and it just kinda sucks.
I just got access to the whole codebase and it's done using angular, nodejs and typescript (which is cool to me), while the dude contacting me was telling me it was done in react (which is kinda a big no for me).
Well, anyway, I start by cloning the repo and the npm-i the whole thing, it's not even at 10% of the whole process and I already got like 50 deprecated packages over maybe a hundred needed (total of 2054 node modules installed).
Well I kinda don't even know where to start from this, all I know is that I'm gonna do it just for the money so I'll be a little underpaid (about 500$/month) while according to me the price should be about 1500$/month, but I can't do it full-time, so it kinda works out.4 -
Is there any way to find the users of your npm packages. I can see there is no dependent of my some npm packages but number of downloads are being increased. I've also checked Github insights dependency graph but couldn't find any.2
-
People are whining about frontend bloat, overengineering, too many packages on npm and whatnot.
And I'm just like: "Hey! You still can write your own leftpads y'know..."
I just don't get why having lots of options has to be so bad... -
Please excuse the "photo of my monitor" picture, but it really was the easiest way to do this...
So, I'm finally getting around to that to-do list item of wrapping my head around Nrwl Nx workspaces, and I stumbled onto this little gem: https://itnext.io/easy-typescript-m...
I didn't take long for the "what the fuck" moments to start cropping up, and then I decided to check what comments might have been left on Daily.dev regarding this one (see attachment).
THAT little nugget there is what led me to the ultimate "what the actually fuck" moment, which is only truly appropriate for DevRant..
Create an Nx workspaces, only to initialise a project with `npm` directly, using a path under a new `libs` folder, next to the `packages` folder, only to build the library, and literally install it into the Nx workspace's `node_modules` folder, b order to import it into the app that exist in the same workspace.
So, seriously.. like.. WHAT THE ACTUAL FUCK? What is this guy smoking?? I need to know so I can stay the fuck away from it! Wow. My brain hurts now.
7 -
So they develop this app. That uses our front end component library. That queries a GraphQL layer developed as NPM package. That uses a data service abstraction NPM package. That uses another NPM package mapper library. That queries an old REST API returning XML.
It takes days to make a newly added XML node in the bottom-most layer available in the app, requiring changes to 4 repositories and 3 NPM releases.
Refactoring is dead, because 1 change will affect all layers. And the worst part is: theres only 1 app using these packages, so no case for re-use. Overzealous separation of concerns I guess?2 -
Say what you want about npm and node_modules, it is much better than other package management systems like pip.
Least I don't need to create an entirely new installation of nodejs every time I want to build something new that might depend on some packages that depends on an 0.0.1 version lower of another package that is used by a different project I currently have to also maintain.
P.s. I do love python overall and it's ecosystem, the package management and version control are sheer garbage.2 -
Microsoft is acquiring Node package manager npm Inc., officials announced on March 16. (Neither company is sharing the purchase price.) Microsoft plans to integrate GitHub with npm with the intent of making the combined community even more appealing to JavaScript developers.
GitHub CEO Nat Friedman said " npm is a critical part of the JavaScript world. The work of the npm team over the last 10 years, and the contributions of hundreds of thousands of open source developers and maintainers, have made npm home to over 1.3 million packages with 75 billion downloads a month. Together, they've helped JavaScript become the largest developer ecosystem in the world. We at GitHub are honored to be part of the next chapter of npm's story and to help npm continue to scale to meet the needs of the fast-growing JavaScript community."
Source : Github Blog1 -
i dont know npm
today i learned `npm install` in root project directory doesn't do what running `npm install` in a subdirectory that actually has a package.json
in this case there was no package.json at the root project directory if it matters
shoutout to fucking eslint not telling me to try installing the fucking packages it can't fucking find, as im a monkey who doesnt know what their doing
well i suppose this is irrelevant since there's yarn, gulp, webpack or whatever is the new hot front end package manager thing1 -
Heres a truly vitrolic and unnecessary rant:
Package control for sublime is all well and good
through the command palette, but it's just
fucking retarded. How about you point me to a
FUCKING COMMAND to actually INSTALL A
MOTHERFUCKING PACKAGE YOU
FINGERPAINTING FUCKWITS?
Under babel plugin while browsing packages
on packagecontrol.io:
"Find it as Babel through Package Control."
FUCKING HOW?
What command?
What fucking command? How do I "Find" it?
The browse command just opens my
motherfucking browser. How do I fucking install
your fucking packages you assholes?
"Use autocomplete" except your god damn
autocomplete doesn't list "install package"
for some god damn reason because everything
web is a broken pile of utter shit, built
on a more shit, like a leaning garbage tower
of bullshit waiting for the smallest mistake to
take down the entire house of cards like
someone removing a leftpad on npm.
Maybe specify I have to enter
"install package" and THEN hit enter, and THEN
enter the GOD DAMN MOTHERFUCKING package name
on a separate god damn line for
some fucky reason.
Next time don't make a tool that breaks
motherfucking conventions. It's bad enough
every fucking look-at-me-im-smart cunt of a
dev and their dog has to invent a CLI and
then go and invent a new domain specific
language too motherfuckers.
Next tool that breaks convention around me is
gonna see the dev lit on fire.
fucking uppity cunts.
"Say thanks" the site say. I am not
feeling fucking thankful at the moment.
The least you can do if you're going to
contribute to open source, is not make things
actively fucking worse, least of all in the
fucking *documentation*.
FUCK count for this rant: 19 / 50,
RANK: RUSH HOUR TRAFFIC
0-5: GENTLE AS A LAMB
6-10: ANGRY GOAT
11-15: NUN WITH PMS
16-20: RUSH HOUR TRAFFIC
21-25: CANTANKEROUS VIETNAM VET
26-30: BREAKING SHIT
31-35: DOMESTIC DISTURBANCE
36-40: BIPOLAR EPISODE
41-45: DESPAIR EVENT HORIZON
46-50: BROKEN CAPSLOCK
50+ : MIDLIFE CRISIS / MASTER GRAND WIZARD
OF RANTS AND ANGRY-WORD MASTURBATION.
If you prefer to cheat, you may also include any
cursewords in general, but be warned, you'll
never know the sweet taste of victory when you
achieve the rank of master grand wizard.
Like when you were a kid, and you discovered
gameshark, and all your hopes of finishing that
one game became but a ruthlessly hollowed out
husk, somewhere where could-have-been childhood
memories and nostalgia go to die like the
graveyard of dreams
(the same place officer workers souls go).4 -
I had been assigned a task to create a cross-platform desktop application that keeps track of the expiry of a certain product and notify in real-time.
So, my journey to create such an application starts today and the list below describes the first few hours.
1. Google/Date and time in javascript
2. Google/Javascript date object
3. W3school/Time in javascript
4. W3school/Javascript date getTime() method
5. Google/Are electron.js applications platform independent
6. Google/Dart for desktop applications
7. Google/Is dart cross-platform
8. Google/Best desktop application framework
9. Google/Python for desktop app development
10. Freecodecamp/How to build your first desktop application in python
11. Google/Pyqt
12. Google/Which is the best technology to build cross-platform desktop application
13. Google/Cross-platform desktop app development for windows mac and linux
14. Udemy / cross platform desktop app development for windows mac and linux
15. Youtube/ electron desktop app, demo
16. Youtube/ electron.js is obsolete
17. Youtube/Neutralinojs
18. Youtube/ neutralinojs tutorial
19. Google/Neutralinojs or electronjs
20. Google/Math.js
21. Google/Math.js/JS Bin
22. Google/Cannot find package “math.js”
23. StackOverFlow/How do I resolve “cannot find module” error using Node.js
24. Google/ is it better to install npm packages locally
25. Quora/ why should you stop installing NPM packages globally
26. Google/ what is nvm
27. Google/nvm version check
28. Stackoverflow/node version management on windows
29. Github/coreybutler/nvm-windows: a nvm for windows. Ironically written in Go
30. Google/how to uninstall a npm package
31. Npm docs/uninstalling packages and dependencies
32. Google/require in javascript
33. Youtube/how to install electronjs
34. Youtube/electronjs in 100s(fireship.io)
35. Roryok.com/electronjs memory usage compared to other cross-platform frameworks
36. Google/is electronjs memory hungry
37. Youtube/sql in one hour
38. Youtube/learn sql in 60 mins
39. Geeksforgeeks/connect mysql with node app
40. Stackoverflow/How to return to previous directory using cmd
41. Stackoverflow/how to require using const
42. Geeksforgeeks/difference between require and es6 import and export
TO BE CONTINUED...1 -
I need a package repository and I find jfrog artifactory. Seems great, except the OSS version is utterly useless. The pro version is overpriced, and does not support s3 buckets and the Enterprise version is >25k/year, just to store a half dozen npm and PHP packages on s3 storage? Are you fucking kidding me???
How can companies justify this much money for a package manager?9 -
Building atom on an RPI 2 with this fuckstickle of a package manager is a bloody nightmare. Works without issue on Raspbian Jessie, implodes into a spectacular clusterfuckeroni on Raspbian Stretch.
Been on it since yesterday, 10/10 weekend saved. -
I'm trying to get started in making language syntax packages for Atom, mostly for two languages that are not so used as of yet though (Lisaac and S-SIZE), but I wonder: does one really have to upload the package to npm in order to be able to use it in Atom yourself?
-
Trying to make a nodejs backend is pure hell. It doesn't contain much builtin functionality in the first place and so you are forced to get a sea of smaller packages to make something that should be already baked in to happen. Momentjs and dayjs has thought nodejs devs nothing about the fact node runtime must not be as restrained as a browser js runtime. Now we are getting temporal api in browser js runtime and hopefully we can finally handle timezone hell without going insane. But this highlights the issue with node. Why wait for it to be included in js standard to finally be a thing. develop it beforehand. why are you beholden to Ecma standard. They write standards for web browser not node backend for god sake.
Also, authentication shouldn't be that complicated. I shouldn't be forced to create my own auth. In laravel scaffolding is already there and is asking you to get it going. In nodejs you have to get jwt working. I understand that you can get such scaffolding online with git clone but why? why express doesn't provide buildtin functions for authentication? Why for gods sake, you "npm install bcrypt"? I have to hash my own password before hand. I mean, realistically speaking nodejs is builtin with cryptography libraries. Hashmap literally uses hashing. Why can't it be builtin. I supposed any API needed auth. Instead I have to sign and verfiy my token and create middlewares for the job of making sure routes are protected.
I like the concept of bidirectional communication of node and the ugly thing, it's not impressive. any goddamn programming language used for web dev should realistically sustain two-way communication. It just a question of scaling, but if you have a backend that leverages usockets you can never go wrong. Because it's written in c. Just keep server running and sending data packets and responding to them, and don't finalize request and clean up after you serve it just keep waiting for new event.
Anyway, I hope out of this confused mess we call nodejs backend comes clean solutions just like Laravel came to clean the mess that was PHP backend back then.
Express is overrated by the way, and mongodb feels like a really ludicrous idea. we now need graphql in goddamn backend because of mongodb and it's cousins of nosql databases.7 -
Running npx google-artifactregistry-auth in three simple steps:
1. Run npx google-artifactregistry-auth
2. Interrupt the process because it will inevitably get stuck on retrieving credentials
3. Run npx google-artifactregistry-auth
Then to install packages you need just 3 simple steps!
1. Run npm i
2. Interrupt when it gets stuck on reify
3. Run npm i3
Top Tags
Weekly Rant
View