If I'm a package.json "coffee" will be listed in my "devDependencies"

So we had a dev on our team who was on a performance improvement plan, wasn't going to pass it, but decided to quit before it was over saving us 2 weeks.

I was ecstatic when he left (caused us hell). I knew updating his code wouldn't be great, but he was only here 6 months

"how bad could it be" - practiseSafeHex - moron, idiot, suicidal.

A little run down would be:

- Despite the fact that we use Angular 2+, one of his apps is Angular 1 ... Nobody on the team has ever used Angular 1.

- According to his package.json he seems to require both mongoDb and Cloudant (couchDb).

- Opened up a config file (in plaintext) to find all the API keys and tokens.

- Had to rename all the projects (micro services) because they are all following a different style of camelcase and it was upsetting my soul.

- All the projects have a "src" folder for ... you know ... the source code, except sometimes we've decided to not use it for you know, reasons.

- Indentation is a mess.

- He has ... its like ... ok I don't even know wtf that is suppose to be.

- Curly braces follow a different pattern depending on the file you open. Sometimes even what function you look at.

- The only comments, are ones that are not needed. For example 30+ lines of business logic and model manipulation ... no comment. But thank god we have a comment over `Fs.readFile(...)` saying /* Read the config file */. Praise Jesus for that one, would have taken me all week to figure that out.

Managers have been asking me how long the "clean up" will take. They've been pushing me towards doing as little as possible and just starting the new features on top of this ... this "code".

The answer will be ... no ... its getting deleted, any machine its ever been on is getting burned, and any mention of it will be grounds for death.

*Me explaining how to use npm to my colleague (senior dev)*

M: So from the command line you just need to move to the directory with the package.json first

C: Uhm right
C: *types ‘move dir’*

M: Aight just give me the keyboard

How does a senior developer not know how to use cd in a command line?

I just removed a couple of packages from package.json and my compiled war went from 53 MB to 37 MB.

What the heck are you downloading node? I don't like such bloated packages.

It literally just happened:

my boss taught me how to use npm, bower and similar to have plugins while developing websites.

This time around we had a project which is divided among different repositories.

One was a foundation project using npm to build, the other one was a socket.io server, using actual nodejs

boss thought: "well they both have node_modules, let's merge them and merge the package.json as well

Nothing worked anymore.

Who here is programming with React Native and is crying about it?

It's so volatile. Shit it has done so far:

- Randomly changed my IP location that it serves to and npm start that shows the welcome information keeps the old IP address, so I spent way too long trying to figure out why it wasn't working.

- Constantly having to rm -rf the node modules and npm i them because Expo randomly starts loading so slowly that you want to scream.

- Downgrading my react-native-scripts version in the package.json because it hangs forever on the starting packager.

- I also had to downgrade my expo dependencies because during one of my node module reinstalls, it would update the version and apparently Expo is incompatible with its own updated version.

And now I'm randomly getting an error that's apparently a known bug in one of the react dependencies and now I have to downgrade that as well.

Just. Why.

Realized there was a bug in my npm package that made it hard to update the state of the input field conditionally (rather than explicitly through user action) and fixed it, wrote tests to ensure it was working the way I thought it was, updated the dist, updated the package version, merged, cut a GitHub release...

Then uninstalled and reinstalled it in the project I’m using it in and it didn’t work. What the eff, I think. Take a couple hours furiously trying to figure out why the hell the behavior doesn’t seem to match the behavior of the new version.

Then it dawns on me. I check the package.json.

“react-autosuggestions”: “^2.1.0”

.... I forgot to do the “npm publish” step.

*head desk*

Angular is still a pile of steaming donkey shit in 2023 and whoever thinks the opposite is either a damn js hipster (you know, those types that put js in everything they do and that run like a fly on a lot of turds form one js framework to the next saying "hey you tried this cool framework, this will solve everything" everytime), or you don't understand anything about software developement.

I am a 14 year developer so don't even try to tell me you don't understand this so you complain.
I build every fucking thing imaginable. from firmware interfaces for high level languaces from C++, to RFID low level reading code, to full blown business level web apps (yes, unluckily even with js, and yes, even with Angular up to Angular15, Vue, React etc etc), barcode scanning and windows ce embedded systems, every flavour of sql and documental db, vectorial db code, tech assistance and help desk on every OS, every kind of .NET/C# flavour (Xamarin, CE, WPF, Net framework, net core, .NET 5-8 etc etc) and many more

Everytime, since I've put my hands on angularJs, up from angular 2, angular 8, and now angular 15 (the only 3 version I've touched) I'm always baffled on how bad and stupid that dumpster fire shit excuse of a framework is.

They added observables everywhere to look cool and it's not necessary.
They care about making it look "hey we use observables, we are coo, up to date and reactive!!11!!1!" and they can't even fix their shit with the change detection mechanism, a notorious shitty patchwork of bugs since earlier angular version.

They literally built a whole ecosystem of shitty hacks around it to make it work and it's 100x times complex than anything else comparable around. except maybe for vanilla js (fucking js).

I don't event want todig in in the shit pool that is their whole ecosystem of tooling (webpack, npm, ng-something, angular.json, package.json), they are just too ridiculous to even be mentioned.

Countless time I dwelled the humongous mazes of those unstable, unrealiable shitty files/tools that give more troubles than those that solve.

I am here again, building the nth business critical web portal in angular 16 (latest sack of purtrid shit they put out) and like Pink Floyd says "What we found, same old fears".
Nothing changed, it's the same unintelligible product of the mind of a total dumbass.

Fuck off js, I will not find peace until Brendan Eich dies of some agonizing illness or by my hands

I don't write many rants but this, I've been keeping it inside my chest for too long.

I fucking hate js and I want to open the head of js creator like the doom marine on berserk

Used a starter to scaffold a new project. Have never used that starter before but it has more than 1400 starts on Github.

Two days after.... so far so good. The created project structure used some tools I haven't used before, some are good, others are not so good, but anyway I am towards the first release of my codes. I have done countless 'npm run build', 'npm run test', 'npm run fix', etc., but.... my fault, I haven't committed once since starting the project, thinking I would commit when the next function is implemented, next test case passed.... after all, what could go wrong anyway?

Finally, one last test case passed, I think I will commit and run 'npm publish'.... but wait, had a glimpse of the scripts section in package.json, there's a command named 'all'. An voice came out of nowhere was talking to my subconscious mind, "all.... build, lint, prettier, test..... yeah you should run all... it's another build script, the worst you can get is just some harmless error messages.....", and my fingers typed 'npm run all'...

Time stopped for a few seconds, file structure in project explorer was shifting, files & folders were disappearing & appearing, what's happening... and I looked at the 'all' script closely for the first time....

WHAT THE HELL, WHO SHOULD PUT 'git reset --hard' IN A BUILD SCRIPT WITHOUT ANY PROMPT????!!!!!!!

MY PLAN WAS TO COMMIT AND GO TO SLEEP, IT'S 1AM NOW!!! WHERE CAN I RECOVER THE LOST FILES????

Are you.. are you telling me .. that every time ..... every time ..... I've been running ..... npm i something .... it's been putting ^version into my ..... package.json file ?!?!?!?!!? SO THAT IN THE FUTURE WHEN I COME BACK TO THE PROJECT AND DO A FRESH NPM I .... THE VERSIONS WILL ALL UPDATE .... AND THAT'S WHY I'M ALWAYS DEALING WITH BUGS WHEN COMING BACK TO PROJECTS EVEN THOUGH IT WAS WORKING WHEN I LEFT IT A FEW MONTHS AGO.

FUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU

Was wondering why my script wasn't working. Added it to my node modules. Imported the style sheet with a require. Checked the gulp config file. Made sure it was in my pipeline. Checked my webpack settings and made sure jquery was loaded first. Checked my version on npm, crossed referenced with my package.json file. Why isn't it working....forgot to add the script tag in my html😤

If the package.json is longer than your actual code this maybe shouldnt be a package. Just saying.

I think all the frequent editing of AUTOEXEC.BAT and CONFIG.SYS in my younger years prepared me well for webpack.config.js and package.json.

So my IT teacher wrote his own web server framework for NodeJS and he forces us to use it for assignments. Would be fine if:
1. It worked properly.
2. It had any kind of documentation.
3. He knew how it worked.

But no, we have to debug his shit and edit the js files in node_modules to get shit working.

Is he open to suggestions? Not really. If you have a fix, you have to create a gitlab account and send a pr. Even if you tell him what exactly is wrong. He won't do anything about it.

Why use express when we can learn something we'll never use again?

At this point I think we're using it only so that he gets downloads on npm.

Oh ya, he also copies package.json from project to project instead of creating a new one with up to date dependencies.

🙃

My laptop charger is dead and my laptop can't work without it. So, basically I can't even look at code.

Colleague calls, says there is a problem with package.json and it requires my immediate attention as the APIs need to be deployed.

Me enters Sherlock mode, and remembers that I have a git hook which took a backup of my code every time I pushed and saved it on my headless tiny CHIP.

I get excited, and do an SSH from my phone, hoping to see the faulty code/file. But all I see is an outdated repository because I am an idiot who forgot to turn the fucking CHIP on after I shut it down for cleaning.

This is the most anti climatic ending I have been ever part of.

When your colleague doesn't add a dependency to package.json and the distribution stops working.
Am I the only one who has got such idiot colleagues? It blows my head every fucking time , I wish I could kill people.

I might be new to webdev , but wtf is wrong with imports in js ?

html seems to get the only decent way of dealing with js: all the files mentioned in subsequent <script> tags can access the functions of previous file

but when it comes to those generated html content(aka react projects) and servers, nobody seems to come to an agreement : react guys uses import while server people uses require. and both of these can't be used in the same file : import works in mjs files (or usual files too if type is defined as module) while require works in cjs file (or usual js files if type is NOT defined as module)

so i kind of like imports for its elegance and resembelence to java imports. and i might have got into some errors in unrelated areas , so my package.json has type=module . i want to use some cjs package (jsonwebtoken) and that shit for the love of god won't work with import, so i gotta use it with cjs file and then the whole project can't use that crappy cjs file.

WTAF ? has web world not got matured enough to not have this shitty import export situation?should i write caveman code and convert everything to require(..) ?

fuck me

"You broke the build"

o.O

Me checking the build.

Oh. There's a weird 500 from github.

Oh yeah:

Error 503 first byte timeout

on the package.json of some node dependency.

That's what you get for relying on the cloud.

I am a Technical Lead in the department in my company that writes code for our clients that have money but doesn't have the technical expertise to handle the complexities of our own software.

Part of my tasks involve taking care of a few projects written by employees that have left after using third-party tools rather than using our own software. No one else in this department knows these third-party tools, they only know our own, and my *still limited* web development experience means I get dumped these things in my lap.

And I'm SO pissed at these projects and their authors and the manager that let these ex-employees write these things. There is this one project that was managed by two different "developers" (I don't know they deserve this title) at two different times, and it is so riddled with different technologies it makes me want to throw up almost daily.

Don't believe me? Here is a complete list of the dependencies listed in the package.json of this project: babel-polyfill, body-parser, cookie-parser, debug, edge, edge-sql, excel-to-json, exceljs, express, html-inline, jade, morgan, mssql, mysql, pug, ramda, request, rotating-file-stream, serve-favicon, webpack, xlsx, xml2js

What this doesn't even show, is that one part of this project (literally one page) is made using react, react-dom, react-redux, and jade. The other part (again literally one page) is made using Angular and Pug. In case you missed it while picking up your jaw, there's also mssql, mysql, edge and edge-sql. excel-to-json, exceljs, xlsx.

Oh you want *more* juicy details? This project takes the entire data object used by the front-end, stringifies it into JSON, and shoves it into the database *as a single field*. And instead of doing WHERE clauses in the SQL queries, it grabs the entire table, loops, parses the json, and does a condition on it. If even one of those JSON entries gets corrupted, the entire solution breaks because these "developers" don't know what try/catch is.

The client asked for a very simple change in their app, which was to add a button that queries the back-end for a URL, shows it in a modal dialog, after which a button is clicked to verify the link by doing a second query to the back-end before modifying a couple of fields in the page.

This. Took. Me. Two. Months*. Save me. Please, save me.

*between constant context switches between this and other projects that were continuously failing because of their mistakes.

Upgrading frontend JS node webpack apps created from boilerplates or cli creators including versions in package.json

My brain already hurts only thinking about it.

Reading someone's legacy package.json
{
.... stuff
"licence": ....,
"dependencies": { .... },
"bugs": "run for the hills"
.....
}
what is this? am I supposed to find an issue tracker in some unnamed hills

How to run PHP in a container :
1. Begin a docker file for an existing php cron app (when all you know is php, everything looks like a php app)
2. Set the FROM.. Apt get update .. Do composer install
3. Builds the image
4. Discover I need git
5. Add git to apt get install step
6. Builds the image
7. Launch the php script
8. Fatal : use of undefined constant SOL_UDP
9. Opens the source code of the third party. The there's no mention of where that constant is from.
10. Spend many minutes online to find what's missing.
11. Find the PHP sockets page about that option. Digs into the documentation to find out that's missing from the installed PHP.
12. Find out I need to add a step to install the socket extension in my docker file.
13. Build the image again
14. Execute it, finally it works
15. Remember why I hate php
(for brevity I've omitted the even more complex part of having to set up zlib)

How to install node js in a container image:
FROM node:8
ADD package.json
RUN npm install

So CRA(create-react-app) v2 rolled out.

> started new project with my own boilerplate
> little did I know, I am accidentally doing int CRA2
> gulp-sass fails.
> Internal screaming.
> Bulma React Components fails to compile due to one type, IDK how they missed in previous build.
> fixed by removind browserlist array from package.json
> Guess what, it comes back as you close it.
> So, now I've to keep it open while gulp-sass is running, which is almost always, in order to compile.

Thank you and Fuck you facebook

*changes package.json keyword*
*breaks electron-builder*
HOW!? THAT MAKES 0 SENSE!!

So, myself an a friend are working on a project together. I leave for a weekend trip, I come back and find out the changelog is out of date like... six versions. I’m the type of person that likes to keep things like this. I had to manually go to the commit history and check when the package.json version was bumbed.

Yesterday, he updated it twice and pushed the versions to server, without updating the changelog. Turns out we accidentally skipped a version and decided to combine the two.

Now I have to find the dates each version was published since I like to do that too. Great fun.

GitHub, your Copilot sucks, and so does Dependabot!

Dependabot opened 3 pull requests;
merging the first one caused conflicts in package.json and package-lock.json that must be resolved;
while trying to investigate further, the second pull request got closed as it suddenly seemed obsolete.
Dependabot: "Looks like these dependencies are no longer updatable, so this is no longer needed."

This kind of service generates so much noise and irrelevant alerts, it comes out of nowhere and there is no way to get rid of those bots once they invaded a repository. And they are so useless. A simple `npm outdated && npm upgrade` would have done better in 99% of the cases.

GitHub, your Copilot sucks, and so does Dependabot!

minified package.json

Looking at jest errors and loads of GitHub and StackOverflow issues, it's no surprise that people claim they don't like testing.

Maybe they would if we got our tooling right.

import { foo } from 'bar';

Nah, that's an unexpected token, jest does not like this syntax.

Using require, like in jest's getting started tutorial isn't compatible with my existing JS libraries exports.

Adding type: "module" in package.json just makes another error message appear instead.

Fucking developer experience!

Why bother with unit tests at all?

How come PHP is 10 years superior to JS when it comes to code quality, unit tests, and static code analysis?

I don't even care about "ES modules". I don't want to "mock" anything either. All I want to do is import a handful of JavaScript functions into another file.

Overengineered web dev stack sucks!

I just finally took time to look at creating symbolic links for node modules and package and package lock json files all from a boilerplate code for my frontend projects,

I saved over 15gb of disk space,

my SSD is 40gb so that's fair

now I have all my node modules for frontend projects in a separate container and node modules for backend projects in a separate container

I still havent figured out how to trim down my package.json file before pushing because there'll be some unused libraries.

for now any direct changes I make to the package and package lock json files will be reflected in the the symlinked directory and them reflect over all projects that share it

I have to be careful here

Is there some sort of tool where I can put in a package.json and it show what the latest version of each can be used or which package(s) is blocking any upgrade?

Have a project that has lots of dependencies but they are very old and some maybe deprecated or are preventing new libraries from being installed

Why is deployment such an opaque topic most of the time????

I have an index.js file to create a server in plain node.js and a package.json file. It builds and deploys successfully to Heroku master. But app does not work. I assume I need to add something to json file but what???

I was reviewing an Angular (remember this) project where I work to find any possibilities to optimize the performance of app. For a moment an idea came to me to look and analyze package.json and see if there is any package listed there but it's not being used in the application.

...aaaandd there were fucking 32 unused packages. 32 packages that have been installed but are not used anywhere in the application. 32!!!!!

And you know what the best part is. 2 of them were react packages. I mean, literally, their name was react-bllabllablla- component, and when I visited npmjs website, their description was react component that does bllabllablla. It's fucking react....... It's in the name, it's in the description. Is my company giving jobs to fucking blind developers or what? I'm going crazy!

Can you imagine npm would manage autonomous robots?
and also some horrible mistake would need fix, otherwise somebody would be harmed.
for that you push the update, you did npm outdated 3 days ago, everything looked fine.
Npm outdated today would want you to update by 10 versions. I don't know if I'm alone, but seems weird to me that 10 versions jump has happened ... :D we know npm..
and even weirder is the output of npm outdated compared to what package.json diff: express-status-monitor current version1.1.0 latest 1.1.2

So I have replaced npm with yarn due to performance boost and the lockfile.

Never will there be problems with unexpected versions of dependencies!

Wait.

Why is my build writing a yarn.lock?

It turns out, if you want yarn to exit with an error code if it's out of sync with the package.json, you have to run it with:

$ yarn install --frozen-lockfile

Only then it will produce an error.

The default for it is to notice, oh, there is some new dependencies, let resolve this to the most current version I can fetch, and use that one, and write a new lockfile. Meaning you will get unknown futures of a depdency. O_o

That's totally going besides the purpose of having a lockfile in the first place. Why would anyone want this?

Action I do expect to touch the lockfile:

add / remove / upgrade

Action I do NOT expect to touch the lockfile:

install

Install should just install whatever is in there, and if it realizes it is out of sync, die with an error.

But that would make sense!

Who needs sensible defaults anyway!?

I recently got hired on as a contractor to help the company take ownership of a vendor's product.
In one of the repositories that was delivered to us, at the root level of the repo is only src/ and .gitignore
Everything else, including package.json, .npmrc, .docerignore, and everything else, is all inside the src/ directory.

i dont know npm

today i learned `npm install` in root project directory doesn't do what running `npm install` in a subdirectory that actually has a package.json

in this case there was no package.json at the root project directory if it matters

shoutout to fucking eslint not telling me to try installing the fucking packages it can't fucking find, as im a monkey who doesnt know what their doing

well i suppose this is irrelevant since there's yarn, gulp, webpack or whatever is the new hot front end package manager thing

Node server with webpack poly fill on embedded device. Why 😂 .

Replacing node-fetch with node http instead of waiting for native node fetch API. Why 😂

All npm scripts on package.json are dead. Why 😂

Node server is not even sharing TS interfaces with frontend.

Customers are complaining about MeM0r1 L3k and let's build more features on stupid node.

Fucking kill me.