
It's interesting to me that everyone uses that isArrayish module example as though it represented the downfall of civilization when to me, yes maybe it represents the downfall of civilization a little bit, but it also represents the strength of npm. Absolutely anyone can create code, put it online and then have others use it fast. Of course this means you do end up with a lot of nonsense, but a lot of brilliance too.

Nobody does this with maven because maven and the Java community in general make this hard. It's doable, but generally takes more work, which is a strength and a weakness for the Java community. You could argue this is "worse is better"[0], making sacrifices, in this case in redundancy for simplicity of use. People should really just write the code for isArrayish if it is this simple, or perhaps the language or babel or whatever should provide such a function.

However no one forces anyone to use these, if you want a standard library, use Lodash, here is its isArray: https://lodash.com/docs#isArray, it even has differentiations of this like: https://lodash.com/docs#isArrayLikeObject. Complaints about something like the isArrayish module make my head hurt. It filled a void fast where one existed so people could use it and get on with their projects and subsequently their lives. I just don't see anything wrong with that.

0) https://www.jwz.org/doc/worse-is-better.html




> Absolutely anyone can create code, put it online and then have others use it fast.

And after 2 years remove or change it in a malicious way and break thousands of other packages and projects. Because it's absolutely anyone.


That's a problem with all open source software though. Heartbleed comes to mind. This problem may be compounded a bit by the fact that npm has such a low barrier to entry due to its simplicity.

Though saying other open source software is secure due to a higher barrier to entry feels like security by obscurity. Particularly since that higher barrier is often not higher because it's insisted on being high quality tested code, but just because it involves greater complexity in actually submitting it to be distributed.


> It's interesting to me that everyone uses that isArrayish module example as though it represented the downfall of civilization when to me, yes maybe it represents the downfall of civilization a little bit, but it also represents the strength of npm. Absolutely anyone can create code, put it online and then have others use it fast. Of course this means you do end up with a lot of nonsense, but a lot of brilliance too.

How is JS/NPM in that sense better than Go, a language with a strong standard library, with a solid developer community around it and where packages are as easy as pushing to a git server?

Or how does it improve over similar, more traditional package management stories like Python/pip?


I do use lodash and I very carefully consider my dependencies. The problem is when I pull in something and it then pulls in 250 packages; now I'm dependent on them as well. It does its job, but sometimes I wonder how any of it works, but maybe I'm just old.



