If you write JavaScript tools or libraries, you should bundle your code before publishing.

A few hours ago, Azer Koçulu ‘liberated’ his collection of modules from npm following a trademark dispute. One of them — an 11-line utility for putting zeroes in front of strings — was heavily depended on by other modules, including Babel, which is heavily depended on by the entire internet.

And so the internet broke.

People confirmed their biases:

People panicked:

And people got angry:

Everyone involved here has my sympathy. The situation sucks for everyone, not least Azer (who owes none of you ingrates a damn thing!). But reading the GitHub thread should leave you thoroughly exasperated, because this problem is very easily solved.

Bundle your code, even if it’s not for the browser

Just to recap:

1. left-pad was unpublished
2. Babel uses fixed versions of its dependencies, one of which (transitively) was left-pad
3. When you install Babel, you also install all its dependencies (and their dependencies)
4. Therefore all old versions of Babel were hosed (until left-pad was un-unpublished)
5. People blame Azer

The key item here is number 3. Suppose that instead of listing all those dependencies in package.json,