Dependency hell - Google search terms
-
Google search terms wanted. A few years ago, a developer of a trivial package in one of the major packet wells on the internet decided to delete his package from the well (allegedly because he never received the credit he expected and deserved) - creating havoc in the development world: Thousands of programs had imported the package, and rebuilding the system crashed. I know this story only through the grapevine, so details are fuzzy - but through a couple different channels, so I guess the story is well known. I'd like to dig up some more reliable, detailed information about this case, but I am not able to come up with search terms that bring up what I am looking for. Do you know e.g. the name of the package in question? Or the name of the developer involved? Or any other good search terms that bring me closer to information about the incident?
Religious freedom is the freedom to say that two plus two make five.
-
This one? [Rage-quit: Coder unpublished 17 lines of JavaScript and “broke the Internet” | Ars Technica](https://arstechnica.com/information-technology/2016/03/rage-quit-coder-unpublished-17-lines-of-javascript-and-broke-the-internet/) btw, my search terms were "developer removes package", so no great Google-fu there.
"A little song, a little dance, a little seltzer down your pants" Chuckles the clown
-
1. Would be helpful when you give a hint what the package supported
2. Yeah, always have a copy of such a package when used in production software. Anything else is more than negligent.
0x01AA wrote:
1. Would be helpful when you give a hint what the package supported
That is some of the information I am searching :-) The essential part of the story as I have heard is how a tiny little packet deleted can create havoc. For that issue, the contents of the package are not essential. I have a vague memory that it was some sort of bit fiddling, possibly searching for the highest 1-bit in a word. My memory may be wrong, and it is insignificant for the real problem of dependencies. Edit: My memory was wrong - so if I had presented it in the original post, it would have been misleading. The module creating most problems was 'left-pad', a rather trivial string function for right justifying a text.
Religious freedom is the freedom to say that two plus two make five.
-
I think it is also worth noting that NPM (the package registry in question) has since updated its terms of usage? If you now publish a package you simply CAN'T unpublish it anymore if other packages are depending on that particular package. The story was most known by frontend developers, since NPM is the platform they use most. 'broke the internet' is a very bold statement, but it did create some havoc indeed in its days. Cheers - Peter.