How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript

Found on The Register on Wednesday, 23 March 2016

When NPM took Kik away from the developer, he was furious and unpublished all of his NPM-managed modules. "This situation made me realize that NPM is someone’s private land where corporate is more powerful than the people, and I do open source because Power To The People," Koçulu blogged.

With left-pad removed from NPM, these applications and widely used bits of open-source infrastructure were unable to obtain the dependency, and thus fell over. Thousands, worldwide. Left-pad was fetched 2,486,696 downloads in just the last month, according to NPM. It was that popular.

One of the big problems is that soc-called developers prefer to include all verious sorts of (sometimes even obscure) modules, creating a dependeny hell when it would just take a few lines of your own code to avoid all that.

Browse all articles« Previous « » Next »