- UndercoverUlrikHD ( @UndercoverUlrikHD@programming.dev ) 108•2 months ago
The only two people arguing against the change were both authors/contributors of is-number lol
- Baleine ( @Baleine@jlai.lu ) 29•2 months ago
How many contributors could there possibly be
- UndercoverUlrikHD ( @UndercoverUlrikHD@programming.dev ) 40•2 months ago
3, about two lines per contributor
- jonne ( @jonne@infosec.pub ) 11•2 months ago
Is it because they included a crypto miner in the package?
- Aatube ( @Aatube@kbin.melroy.org ) 104•2 months ago
Note that the PR was later merged by a member who got fed up with his colleagues.
- lily33 ( @lily33@lemm.ee ) 21•2 months ago
And who hasn’t contributed any code to this particular repo (according to github insights).
- GBU_28 ( @GBU_28@lemm.ee ) English21•2 months ago
Not familiar with this exact team, but a skilled reviewer/issue triager is useful. We can hope this person at least tested the changes.
- Gamma ( @GammaGames@beehaw.org ) English3•2 months ago
The person who opened the pr already did
- AVincentInSpace ( @AVincentInSpace@pawb.social ) English94•2 months ago
Another day of being extremely thankful I decided not to learn JavaScript
- Björn Tantau ( @bjoern_tantau@swg-empire.de ) 104•2 months ago
I mean, the people relying on such packages didn’t learn it either.
- elxeno ( @elxeno@lemm.ee ) 60•2 months ago
Look at what you’re missing!
Edit: also,
is-odd
depends onis-number
- boonhet ( @boonhet@lemm.ee ) 9•2 months ago
These are both made by the same person from this PR (who also made both the package the PR is on, and the is-number package that is being removed as a dep)
- JackbyDev ( @JackbyDev@programming.dev ) English5•2 months ago
Heaven forbid they make a package
is-even-or-odd
with both. Wait. Don’t give them ideas. They’ll just make it depend on both.
- lockhart ( @lockhart@lemmy.ml ) 16•2 months ago
This can happen in any project that uses dependencies, javascript or not
- darklamer ( @darklamer@lemmy.dbzer0.com ) 31•2 months ago
Sure, but when was the last time you saw, say, a Python project using some third-party library instead of simply calling isnumeric() from the standard library?
There’s a reason for these jokes always being about Javascript.
- zqwzzle ( @zqwzzle@lemmy.ca ) English7•2 months ago
I only glossed over it… but this looks like it’s trying to check dynamic typing issues? It’s like a statically typed language with extra steps?
- AVincentInSpace ( @AVincentInSpace@pawb.social ) English22•2 months ago
I don’t think typescript exists because JavaScript wasn’t designed to be statically typed. I think Typescript exists because JavaScript wasn’t really designed, period.
- invertedspear ( @invertedspear@lemm.ee ) 6•2 months ago
How’s the view up there on your high horse?
- AVincentInSpace ( @AVincentInSpace@pawb.social ) English13•2 months ago
Must be pretty good, considering literally every time I check in on the JavaScript community it is somehow more on fire than it was last time. I guess I must have a front row seat to all their misfortune. Either that or they’re just incompetent, but it couldn’t be that, could it?
- ChaoticNeutralCzech ( @ChaoticNeutralCzech@feddit.org ) English75•2 months ago
If you think
is-number
can be replaced with a one-liner, you don’t have the enterprise code mindset. What if the world gets more inclusive and MMXXIV, ½ and ⠼⠁ become recognized as numbers? 𒐍𓆾 were numbers in the past but what if people start assigning numeric value to other characters? Are 🖐🔟💯🆢🂵🀌🁅 numbers of the future???
/sI’m not even all kidding, Regex implementations are split on whether “٣” matches
\d
.- oo1 ( @oo1@lemmings.world ) English5•2 months ago
Are you asking for treefiddy upvotes?
- ChaoticNeutralCzech ( @ChaoticNeutralCzech@feddit.org ) English4•2 months ago
How many upvotes does 💲🄄Ƽ᱐ buy, really?
- I Cast Fist ( @ICastFist@programming.dev ) 2•2 months ago
At least one from the loch ness monster
- oo1 ( @oo1@lemmings.world ) English2•2 months ago
someone fix that goddamn islochnessmonster() function
- bitfucker ( @bitfucker@programming.dev ) 4•2 months ago
So the only valid digits are arabic numbers but arabic script numbers are not a valid digit? If we want programming to be inclusive then doesn’t that make sense to also include the arabic script number?
- ChaoticNeutralCzech ( @ChaoticNeutralCzech@feddit.org ) English18•2 months ago
So the only valid digits are arabic numbers but arabic script numbers are not a valid digit?
Some people writing Regex implementations have that opinion. I’ve refrained from saying mine.
If we want programming to be inclusive then doesn’t that make sense to also include the arabic script number?
Maybe. IMO, number tests should be chosen/implemented based on the project’s requirements. If you want to include every Unicode character or string pattern anyone’s ever used to convey a numeric value, that would be a long and growing list. Arguably, it’s impossible: the word “elf” means a number if interpreted as German for “eleven” but not if interpreted as English for 🧝.
- bitfucker ( @bitfucker@programming.dev ) 5•2 months ago
Yeah, but “elf” are not digits. Digits are a symbol abstracted from the language itself. Does 5 and V convey different meanings in the context of digits? And yeah, I can see why they would argue about the implementation because inclusivity is important. Especially when designing a language implementation. If you are designing it wrong, it will be very hard to extend it in the future. But for application level implementation, go nuts.
- ChaoticNeutralCzech ( @ChaoticNeutralCzech@feddit.org ) English4•2 months ago
You are right, “elf” is a stretch, it does not make sense to parse it as a number. But in some languages, the string “15 240,5” is just how a number is written (yes, that’s a
U+2009 THIN SPACE
, you can’t stop me from using it as a thousand separator in German). Obviously, despite having a,
on their numpads, German programmers still expect computers to parse numbers with decimal dots and interpret commas as list values.- bitfucker ( @bitfucker@programming.dev ) 1•2 months ago
Alright, maybe you misunderstood the term digits with numbers. When parsing a digit, you do not attach semantic yet to the building blocks. A \d regex parser does not care that the string “555” is not equivalent to “VVV”. All it cares about is that there is the digit “5” or “V”. In the same vein, regex parser should not try to parse IV as a single symbol.
- ChaoticNeutralCzech ( @ChaoticNeutralCzech@feddit.org ) English3•2 months ago
It’s not just digits. Nobody is expecting it to understand language yet but the parser
is-number
still returnstrue
for"2e3"
or"0x0F"
. It tells you whether the string can be interpreted as a real numeric value.- bitfucker ( @bitfucker@programming.dev ) 1•2 months ago
Yeah, hence is-“number”. But we were talking about regex are we. A number representation can use digits but it can also not. Much like how you make a number using the word “elf”.
- floofloof ( @floofloof@lemmy.ca ) English61•2 months ago
It looks like “is-number” was never more than a few simple lines of code. It still has 68 million downloads per week.
https://www.npmjs.com/package/is-number
I checked one of our main projects at work, and it’s in there as a dependency 6 levels deep via the “sass” package.
- sushibowl ( @sushibowl@feddit.nl ) 26•2 months ago
is-number is a project by John Schlinkert. John has a background in sales and marketing before he became an open source programmer and started creating these types of single function packages. So far he has about 1400 projects. Not all of them are this small, though many are.
He builds a lot of very basic functionality packages. Get the first n values from an array. Sort an array. Set a non-enumerable property on an object. Split a string. Get the length of the longest item in an array. Check if a path ends with some string. It goes on and on.
If you browse through it’s not uncommon to find packages that do nothing but call another package of his. For example, is-valid-path provides a function to check if a windows path contains any invalid characters. The only thing it does is import and call another package, is-invalid-path, and inverses its output.
He has a package called alphabet that only exports an array with all the letters of the alphabet. There’s a package that provides a list of phrases that could mean “yes.” He has a package (ansi-wrap) to wrap text in ANSI color escape codes, then he has separate packages to wrap text in every color name (ansi-red, ansi-cyan, etc).
To me, 1400 projects is just an insane number, and it’s only possible because they are all so trivial. To me, it very much looks like the work of someone who cares a lot about pumping up his numbers and looking impressive. However the JavaScript world also extolled the virtues of these types of micro packages at some point so what do I know.
- NotNotMike ( @notnotmike@programming.dev ) 12•2 months ago
Wow you’re right, he’s the author of the infamous “is-odd” and “is-even” packages. What an odd person.
Someone in the OP PR mentioned the amount of energy used to download these tiny packages and its actually something crazy to think about
- floofloof ( @floofloof@lemmy.ca ) English5•2 months ago
It makes you wonder why anyone uses them though, since so many of them do things that are trivial in modern JavaScript.
- nickwitha_k (he/him) ( @nickwitha_k@lemmy.sdf.org ) 4•2 months ago
And anyone who has been around for a while should remember when
left-pad
broke node.js. Including unnecessary dependencies, instead of writing trivial code is just bad practice.
- nickwitha_k (he/him) ( @nickwitha_k@lemmy.sdf.org ) 1•2 months ago
To me, 1400 projects is just an insane number, and it’s only possible because they are all so trivial.
Holy shit. I’m going to have to go through my team’s dependencies. I don’t feel confident that someone “maintaining” that many projects is going to be able to keep all bad actors at bay. Not to mention, none of the examples of his libraries that I’ve seen SHOULD be libraries.
- far_university190 ( @far_university190@feddit.org ) English16•2 months ago
What a sassy package depency
- onlinepersona ( @onlinepersona@programming.dev ) 49•2 months ago
440GB weekly for “is number”. What in the world is that package doing?
is-number is a one-line function. (though it’s debatable if a function that complex should be compressed to one line)
You may have heard of a similar if more extreme “microdependency” called is-even. When you use an NPM package, you also need all the dependencies of that package, and the dependencies of those dependencies recursively. Each package has some overhead, eventually leading to this moment in time.
- sparkle ( @sparkle@lemm.ee ) Cymraeg11•2 months ago
Web bloat in a nutshell and why we need to switch to things like Web Assembly more than ever. It’s not WASM, but I used Laminar which is a Scala.js library, and it’s the absolute pinnacle of (frontend) web development. Scala in general is just really great for idiomatic web code, its flexibility is unbeatable.
Another amazing alternative would be anything Rust. In fact I’ve used that much more than Scala for web. I’ve mainly used Leptos for full-stack and and Actix for backend, but I’ve seen Dioxus and Axum in good use and they both seem really great too.
Apparently Lemmy uses Leptos for its UI so… that’s a +1.
- Gamma ( @GammaGames@beehaw.org ) English24•2 months ago
It handles a few weird edge cases, mostly. Only 7 meaningful lines of code and almost 70M downloads week!
- Admiral Patrick ( @ptz@dubvee.org ) English26•2 months ago
Sadly, it’s a stupid dependency of a lot of things.
Just ran
npm explain is-number
on one of my projects, and it’s a dependency ofto-regex-range
which is a dependency offill-range
which is a dependency of…and so on up the chain.I was hoping I wouldn’t find that in there, but alas, it is.
- apotheotic (she/her) ( @apotheotic@beehaw.org ) English33•2 months ago
Given that this screenshot is about
to-regex-range
I think they might be on to something!- Admiral Patrick ( @ptz@dubvee.org ) English22•2 months ago
🤦♂️😆
Didn’t even catch that in the screenshot. lol
- nickwitha_k (he/him) ( @nickwitha_k@lemmy.sdf.org ) 9•2 months ago
I don’t get the concept that depending on 7 lines of code from a third-party package is remotely acceptable. It’s expanding the potential attack surface to save a dev from templating 7 lines of boilerplate. There’s no net benefit or appreciable time saved.
I’m glad I don’t have to deal with this regularly.
ETA: The package is even MIT licensed! There’s no excuse but laziness and not wanting to understand the code to import this rather than inlining or implementing a novel version. If I can spend the time to write:
if err != nil { slog.Warn("well shit", "error", err) return err }
after every function call…I just didn’t get it.
- Gamma ( @GammaGames@beehaw.org ) English5•2 months ago
You’re right, it’s not sane! The js ecosystem is hell
- lad ( @sukhmel@programming.dev ) English4•2 months ago
I’m not sure, this is a valid estimate. If they were to replace
is-number
with its contents, that would mean that the economy is only in HTTP-related overhead.It maybe will make difference because of building phase, lock-files, package-files, but I am not sure that data-traffic difference is that big
- Björn Tantau ( @bjoern_tantau@swg-empire.de ) 45•2 months ago
Link to the PR? The PR description and the comment somehow contradict each other. Or I am stupid. Or the commenter.
I tried to edit the ‘highlights’ into a single image, the top is the description of the PR, the middle is a comment replying to another comment
- Björn Tantau ( @bjoern_tantau@swg-empire.de ) 31•2 months ago
Thanks!
What a shit show.
- josefo ( @josefo@leminal.space ) 32•2 months ago
I really need a community here solely dedicated to GitHub drama. This is so much better than Twitter drama, more relatable.
- KillingTimeItself ( @KillingTimeItself@lemmy.dbzer0.com ) English13•2 months ago
i think programmers need a self inflicted rule of it being less than 500 lines of code means you need to write it instead of using a pre written package/library.
On the other hand, we could make the packages like is-number the worst possible way of checking if something is a number, which would be really fucking funny…
- Kogasa ( @kogasa@programming.dev ) 22•2 months ago
I have read programs a lot shorter than 500 lines which I don’t have the expertise to write.
- Lightfire228 ( @Lightfire228@pawb.social ) 10•2 months ago
Shell scripts don’t count
That’s not a programming language, that’s hieroglyphs
- SaharaMaleikuhm ( @SaharaMaleikuhm@feddit.org ) 5•2 months ago
Skill issue
- UnbalancedFox ( @UnbalancedFox@lemmy.ca ) 4•2 months ago
Amen!
- KillingTimeItself ( @KillingTimeItself@lemmy.dbzer0.com ) English4•2 months ago
well obviously shit like wozmon exists, but there definitely needs to be a rule to prevent handicap shit like “is-number”
the vast majority of programmers have the problem solving capability of a child who took shit apart constantly due to autism.
- Match!! ( @match@pawb.social ) English13•2 months ago
500 is fucking massive maybe try 5
- KillingTimeItself ( @KillingTimeItself@lemmy.dbzer0.com ) English4•2 months ago
true, i was giving the benefit of doubt to idiot programmers lol
- dan ( @dan@upvote.au ) 6•2 months ago
programmers need a self inflicted rule of it being less than 500 lines of code means you need to write it instead of using a pre written package/library.
That’s what I do, but then I end up with similar utils across multiple projects (eg some of these array, map, and set utils: https://github.com/Daniel15/dnstools/tree/master/src/DnsTools.Web/ClientApp/src/utils) and wonder if I should create a library.
Then I end up doing that (https://github.com/Daniel15/jsframework is my most ‘recent’ one, now very outdated) but eventually the library gets outdated and you end up deleting most of it and starting again. (edit: practically this entire library is obsolete how)
It’s the circle of life.
- KillingTimeItself ( @KillingTimeItself@lemmy.dbzer0.com ) English1•2 months ago
i wonder if maybe we just need personal package repos for shit like this, stuff that probably shouldnt be out on the internet and accessible, but that’s also worth packaging for regular use. Like a sort of “code macro” which is something i see people doing a lot for certain boilerplate strings.
- jonne ( @jonne@infosec.pub ) 4•2 months ago
Eh, I can see why you’d want something like that in a language like JavaScript where pretty much all native ways of validating input have weird edge cases. Sometimes you just want the community to figure it out for you instead of reinventing the wheel and finding out you missed something later on.
A whole package that handles validation of inputs, or a math package would be better than a package that just has one function tho.
- KillingTimeItself ( @KillingTimeItself@lemmy.dbzer0.com ) English4•2 months ago
yeah, generally it seems like you want a more broad package, if for something like validating input, it would be comprehensive across all input for example.
There’s one package on npm called is-even and i think another called is-odd, which according to the author are “learning experiences” which have, considerable amounts of downloads, even though it’s literally just is-even checking. Shit like that should probably get you banned from using keyboards for the rest of your life lol