
"I will pay you cash to delete your module" ~ drewdevault.com/2021/11/16/Cas

"I do hope that this idea strikes fear in the hearts of any developers that read it, and in other programming language communities which have taken after npm. What are you going to do if one of your vanishes? What if someone studies the minified code on your website, picks out an obscure dependency they find there, then bribes the maintainers?"

@hs0ucy Well, I’d say “WTF”, then use my backups to revert to before I upgraded, then isolate the module and copy its content to a self-coded module. And scratch my head wondering why everyone else is running in panic.

@hs0ucy yarnpkg.com/features/zero-inst

🤷

golang.org/ref/mod#vendoring

🤷

docker pull

🤷 🤷 🤷

Not to mention dependency proxies, backups, local checkouts, …

This is neither a new problem nor are classic systems the solution. If you did your dependency management right in the first place, you shouldn't notice much.

But I'm looking forward to seeing how this plays out :)

@hs0ucy I do try not to frivolously use dependencies in my own projects, I think there's a balance to be had between too many & too few. But I'd never advocate for deleting modules off any such site!

In fact, I think NPM & equivalents should never *fully* delete anything, to avoid causing these breakages. At least where there's an active dependency.

@hs0ucy Well, 1) why would someone do that?

2) Can't you still use the code? It's downloaded on your website, right?

You could decide to still maintain it, I don't know.

I could also pay Eugen to take down Mastodon; it's still going to be here anyway.

@louisrcouture @hs0ucy It could be a really creative copyright holder. Instead of trying to take down a "pirate site", they take down the dependency of a pirate site.

Mastodon @ SDF