| Comments |
on February 21 2017 10:56:21
More like a problem with NPM |
on February 21 2017 16:40:38
That's not how I see it. I see it as a dependency problem. Too many dependencies on code stored wherever, over which you have no control. |
on February 22 2017 14:14:07
I'm not sure I follow. Third-party code libraries have been used forever, and having a central repository is not that new either, e.g. NuGet. One could argue that the App Store/Google Play/Windows Store also are package managers, with some of the same benefits and drawbacks. |
on February 22 2017 17:05:17
Indeed, but there is a difference between using a dependency like nuget to build your app, where you distribute the code bundled inside your installer or whatever, compared to having your product retrieve code from an external source at runtime. Using your example, it would be like selling an app on the app store that needed to retrieve 2 other apps from the playstore whenever you ran it. |
on February 23 2017 11:22:43
As I understand it, end-user apps which relied on this code, like Spotify, still shipped with the code; the issue was just an issue for developers, making new distributions. Did I get that wrong? |
on February 24 2017 08:38:59
No. I just read up on Node, and I must have confused regular npm use with something else. I saw in some demo once that you could include JavaScript files in Node directly from a URL, like with client-side JavaScript, but that must have been some special npm module of its own.
You're right. Code probably shipped with the apps.
The other problems remain though. |
on February 24 2017 11:07:28
There are certainly drawbacks with a centralized package manager, especially if the people running it make the wrong decisions, but I think the benefits outweigh them. As a developer it is certainly great, both as a consumer and producer of code, but this does highlight an unfortunate possible situation, which we thought was just hypothetical, but became real after a series of bad decisions. I think everyone has learned from this, and steps have probably been taken, not just by the NPM people, to prevent this from happening again, or at least mitigating it. |
on February 25 2017 22:08:46
Well, I have little personal experience with package managers. I do love nuget though. It makes my life a lot easier. But I suppose another concern is the age-old debate about relying too much on new tech - using calculators in first grade etc. There's the risk of becoming complacent, and just using a library/extension for every little thing. I think developers should at least try a little bit to reduce the number of dependencies. This is something that I've seen with web pages, that sometimes rely on several dozens of scripts for no apparent reason. Do you really need a left-pad module? |
on February 27 2017 11:15:37
Generally speaking, you want to use as many existing libraries/packages/scripts/etc as you can. Although it's an overused, and incorrect, metaphor, think of building a house. You'd buy as much as you could of your materials pre-made; lumber, brackets, screws, roof tiles, pipes, and even all the interior, such as toilets, furniture, paint, etc. Sometimes you even buy huge pre-made modules. Not only does this save massive amounts of time and money, you also kinda figure that the screw manufacturing company is better at making screws than you are.
Another factor, speaking as a professional developer, is that I'd rather focus my skills and efforts on the challenging tasks, rather than doing menial work that other people already have made, and, quite importantly, tested.
Of course, it's preferable to not use a huge library if you only want to use a tiny bit of code, particularly if you're building something sensitive to code load, such as a webpage. On the other hand, if you're using something like jQuery, which is used by 70% of all websites, then you can reasonably expect that the library is already cached by the users' clients, and you don't have to worry about the load. |
on February 27 2017 13:29:02
I agree in principle, given that you actually have dependencies that have been tested and will remain available. I have no personal experience with Dependency hell, and I'm sure you can all but avoid such things by using a great package manager/solution. Still, I maintain that a dependency does incur a cost of some kind, and including the right dependencies in your project makes your code better. |
on February 27 2017 14:44:30
Oh yes, this is definitely just a principle. In the real world you need to be judicious about when and which package to use. Is it from a trusted source, is it widely used, etc.? And just like software updates on your pc and phone, package updates are usually a good thing, as they generally bring more features, better reliability and security, but sometimes they break shit.
So, the rule is, use as many packages as you can, but not too many, and only the right ones. Hope that helps! |
on February 27 2017 20:33:14
*scribbles on back of hand*
Reminds me of this guy - very funny lecture about applying scientific rigor to software development. Worth a listen |