Based on this, Javascript should include a minimization-macroing extension. IE. find a replace macro code that instead of requires(x), just call a macro_req(x). so then we do the code injection instead of downloading at the client.
Am I understanding it correctly, that the issue is not at all with the dependency, but rather with some sort of CI/CD environment/pipeline that keeps pulling the same packages over and over? Because how is npm generating any significant amounts of traffic? It's just text and you only pull it presumably once per project.
The package featured in this video is called to-regex-range. Every time someone tests a project that depends on to-regex-range, their CI job will download another copy of this package and its dependencies (e.g., is-number). to-regex-range is downloaded from npm 50 million times a week, so that does add up to a lot of traffic. It wouldn't be a problem if not for the fact that these packages include more than 8 kilobytes worth of text files just for 400 bytes worth of code
@@JanVerny It's not their CI job, it's everyone else's. Every single user of that package, and every single user of a package that indirectly depends on that package, might have a different CI pipeline hosted on a different service (GitHub Actions, Azure DevOps, AWS CodePipeline, GitLab Pipelines, Jenkins, Travis CI, CircleCI...) downloading the same packages multiple times a day. I do think that a better option would be to remove the README and LICENSE files from the distributions, though, as that would make is-number ~50% lighter, but improving everyone's redundant CI pipelines is not something they can do.
This video feels like a good reminder for me to never even consider JS. Though to be fair, it's more the people than the language. I'm genuinely shocked that anyone was defending this as a dependency. These are the kinds of things that you write in your own little utils file that you can check informally. There's literally no reason to have an entire npm test suite for something like this. Or at the very least just build it into your existing one; it doesn't need its own. Overreliance on frameworks, package managers, and build tools probably has to be my least favorite thing in software right now. And it's not even close.
Same. Unfortunately a significant amount of developers seem to feel compelled to use every tool and feature available, whether it makes sense or not. And none of them think for a second how high the true costs of dependencies are.
@@SaHaRaSquad + 1 I'm from the minimalistic camp, i.e., use only as much as is needed. Unfortunately if the languages and their PMs themselves are shit, our hands are kind of tied. Like you have to use JS if you want to work in web, yes you could find workarounds but that's an even shittier game.
These kinds of people exist in all programming communities, not just JavaScript. Check out some of the crap that goes on in C related issues, or any other place where people have egos and opinions (i.e. everywhere). I’ve seen it with PHP, Java, Python, etc. too. Try not to tie people to the tool, even though it can be hard. Just ignore the nonsense and build things.
@@pieflies Oh I know, and I tend to just do my own thing anyway. But I would be lying if I said I didn't notice this problem being particularly prevalent in web development and JVM projects (including with languages like Kotlin and Scala). It doesn't seem to be as much of an issue in the embedded world unless you're working on really specific kinds of projects, at least from what I've seen. I'm certain I just have a really particular viewpoint; I didn't mean to imply that *every* JS dev is terrible or anything. That obviously isn't true. But you have to admit, there is a certain culture surrounding web dev and frameworks... It's honestly overwhelming for someone trying to transition into the field. Hardware programming genuinely seemed more approachable for me, and that should say something in itself.
When I finished up at my last job I was cleaning up a couple o’ dozen JavaScript projects and there was over a trillion files within the various node modules folders. Back in the day I never would have thought we would get to the point of having billions of files in a relatively small project.
That comment disagreeing with the PR due to maintenance burden I really can't agree with. The code is trivial and unlikely to change in the long term. It is also rather unlikely major bugs could be found or would even be relevant depending on how it's being used within the codebase. I can agree with the notion of not wanting to assume maintenance responsibility of more complex dependencies, but for something this small it's a rather ridiculous hill to die on
I wonder if npm has / could do with a sparse checkout? Otherwise, this could also be solved by using a Git subtree / subrepo and / or a sparse checkout. Sorts out proper attribution too!
Viewer from Germany here - why the hell is there a climate change disclaimer under this video? Edit: minute 5:10 OMG HE READ A JOKE COMMENT THAT CONTAINED THE WORD CLIMATE CHANGE
I don't understand it, with TS if value is expected to be a number it must be a number, otherwise parse it and TS validation will find error, what's the point at all of using that library? Also 68 million?!
Just use a build-cache. Problem solved. The PR just shifted the maintenance headache (although I don't know who would even bother modifying this for some special case).
when people make arguments like if in the future is-number will have some bugs fixed... but is it right that such a small piece of code is not already working in like 100% of cases... is it hard to make it robust so it would not need to be fixed in the future?
JS has a perfectly acceptable standard library here. it's just that people invented a stupid problem and nobody seems to realize that before claiming this problem is hard. `typeof x === "number"` is all you need, and if your data is a string that looks like a number... then it's not a number and you need to fix your data.
Why are you always selecting text without the first and last letter? And when you misclicked and selected 2 letters before the end, you also selected to 2 letters after the start.
lmao, after skipping 10s near the end and suddenly ending up with that diagram on the screen initially I thought it was about P vs NP xD (and NPM being bigger than both xD)
do you think if we got this guy and ljharb's dependency webs intertwined they'd get stuck in an infinite loop fighting each other and leave the rest of us alone?
That's npm for you: by default you get one copy of every dependency downloaded for each project, and in some environments like CI you even download it once per build because of temporary VMs being used for the build process. Incredible but true.
@@TheDragShot I mean even at 10 merges a day, that's a max of 300 CI deploys a month. The file is like 10kb if you are super generous. Something doesn't add up.
@@InfiniteQuest86 Well, if we look at the big picture, you are but one person among millions building JS projects that at some point in their dependencies rely on this and many other single-function libraries, every day. That traffic may pale in comparison to social media and stuff, but it can't be small. I was thinking of that, I guess I should have been more clear about it.
@@TheDragShot I haven't programmed JS since like 2002 as a kid. But I really don't understand this still. He is claiming on his one single project that this tiny function as a library is consuming 440GB per week. Not all users world wide. Not all programmers world wide. Just this one project. I can't even believe the number would be that high if it redownloaded it per user per use of the function. Which would be insane. Do people really build a new container and redeploy and re-install everything in the system every time a user connects to the server?
Code is different when the input is a String, the trimmed number is not empty, Number.isFinite is false and isFinite is true. As I'm not a Javascript programmer, I can't tell if this is significant but presumably the original code had some reason for this extra condition.
YouTube tagged this video with a reference to climate change Wikipedia below the video, because it was a topic in the video.
Yeah sure but it is wild how persistent the alg is...
Better than blocking the video for misinformation, just because sarcasm is hard.
the very same platform that removes comments randomly for no apparent reason.
I wonder how much carbon it takes to run the speech-to-text no-no word finder on every second of every video uploaded to youtube
@@Badspot Likely less than the amount used when trying to serve the video to all of the viewers of the video.
All that bandwidth saved went to distribute this video to 15k people
Worth
Should've been 69k, but ok.
Almost there @@anteusify
I watched the video in 240p and pretended the blurred code was just a spoiler because I care about climate change.
That is Google's bandwidth, not the companies. Big difference.
Imagine how much bandwidth would be saved if we all just read the posts instead of watching videos of Prime reading them.
You are spot on. For me, he is just a screen reader with a bunch of dumb noise.
Yeah but it’s the ultimate dark reader - my screen is completely black.
not all of us can be bothered to scout the internet for interesting posts
people on youtube already react to them, so watching them instead is way easier
Yeah, I try to watch these kinds of videos, but I can't because it's basically someone else thinking for me, and that's fine in and of itself, but these kinda vids are mostly just opinions.
there is an iceberg with Primes name on it.
You know, someone should calculate how much energy it's costing us that ECMAScript is not designed with a decent standard library.
PHD project alert.
Soydevs caused climate change.
Probably a use case for deno's std lib. Even though it might not be complete complete, it has some good utils there.
To be fair, ECMAScript has some standard library for these kinds of operations. The "isNumber" function showcased in this video is very opinionated code. Why would it return true for a string? Maybe I don't want that. If you put this into a standard library, that is what I would call not-decent.
@@SirKurt25 typeof(x)=="number" is already there if you don't want to accept strings, but even then you often have to go from string to number when reading input, get/post args, etc, even if you intend to typecast it and use typeof() checking, hence isNumber is there to filter out weird edge cases like "" being treated as 0, even by the Number() typecast function.
funny thing - person who closed pr two years old and started arguing with people over this library is is-number creator himself lol
He is also the author of the library in which the PR was submitted, fwiw
@@son_guhun oh. as it was merged by a different guy I thought the lib was not his. ig makes sense though
this guy has singlehandedly poisoned the npm ecosystem for resume/clout, it's insane. weekly downloads chart was a mistake
Fun fact: this guy is a former sales/consulting guy who switched into software. He makes hundreds of these (many automatically generated) and adds them as dependencies to his and others' projects while making pull requests for unrelated things. This way, he can claim that he created thousands of open source projects used as dependencies of popular projects. I recognized his name lmao
@@omduggineni that's wild
1:10 So 'isFinite("")' is true, and 'Number.isFinite("")' is false. Goddamnit, JavaScript.
JS's father claims he only designed JS just for a quick project and intended to dump it very soon after the project finished, but some morons out there decided to use JS as a real programming language instead of the way it was designed 😂😂😂
IsFinite is so shitty that they fixed it in that static class.
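The coercion behaviour discussed in the comments above (global `isFinite` versus `Number.isFinite`, and `""` converting to 0), as an added example that is not any commenter's code and not the is-number source. The helper names `isFiniteNumber`, `isNumericInput` and `compareChecks` and the sample inputs are made up for illustration.

```javascript
'use strict';

// Hypothetical helper: strict check for values that already are numbers.
// Rejects NaN and +/-Infinity, and never coerces its argument.
function isFiniteNumber(value) {
  return typeof value === 'number' && Number.isFinite(value);
}

// Hypothetical helper: also accepts numeric strings, because query-string and
// form parameters arrive as strings. Blank and whitespace-only strings are
// rejected BEFORE coercion, since Number('') and Number('   ') are both 0.
function isNumericInput(value) {
  if (typeof value === 'number') return Number.isFinite(value);
  if (typeof value === 'string' && value.trim() !== '') {
    // Number() parses the whole string; '12abc' becomes NaN (unlike parseInt).
    // Note that it still accepts '0x10' (16) and '1e3' (1000).
    return Number.isFinite(Number(value));
  }
  return false; // null, booleans, arrays, objects, undefined
}

// Constructed sample inputs covering the edge cases named in the thread.
const SAMPLES = [
  '', '   ', '42', ' 42 ', '0x10', '1e3', '12abc', 'Infinity',
  null, [], [5], true, NaN, 7,
];

// Runs every check side by side so the disagreements are visible.
function compareChecks(samples) {
  return samples.map((value) => ({
    input: value,
    typeofNumber: typeof value === 'number',
    // Global isFinite coerces first: '', null, [] and true all pass.
    globalIsFinite: isFinite(value),
    // Number.isFinite never coerces: every string fails, even '42'.
    numberIsFinite: Number.isFinite(value),
    isFiniteNumber: isFiniteNumber(value),
    isNumericInput: isNumericInput(value),
  }));
}

// Inputs the coercing global isFinite accepts but the validator rejects.
function coercionOnlyAccepts(samples) {
  return compareChecks(samples).filter(
    (row) => row.globalIsFinite && !row.isNumericInput
  );
}

console.table(compareChecks(SAMPLES));
```

The rows where `globalIsFinite` is true and `isNumericInput` is false are the ones that slip through a validator built on the coercing global function.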
Version 7?! Wtf did versions 1-6 of is-number do?
Oh, that's its own wild ride
Semantic versioning, I guess?
Someone did a tiny little breaking change, and that's a major version bump.
V1: isNumber(): not sure
V2: isNumber(): I guess??
V3: isNumber(): Definitely not!!
V4: isNumber(): no wait, actually it is
V5: isNumber(): no actually it wasn't, sorry!
V6: isNumber(): I don't know what it is :(
V7: isNumber(): you have to be kidding me
I would assume the exact definition of what is and is not a number might have changed throughout ECMAScript versions?
After a week of digging I've found out that v7 means they have tested all numbers up to (and including) 7
Jon Schlinkert's bio says he worked in sales and marketing before learning to code. That explains a lot. He parasitically makes projects dependent on useless functions like this so he can advertise himself better.
I have no idea how being known as THE worst npm spammer helps one's reputation, but that might be because I don't work in sales/marketing.
0.0
@@saasseli What you call "spam," they call "lead generation."
How do you write code like that and not immediately switch to a different language? What the actual f is wrong with javascript developers? "Pretty straightforward?" Seek medical attention.
There's unfortunately not a replacement for javascript
@@pxolqopt3597 [insert list of every other programming language ever made here]
As an unwilling JS developer myself, what's wrong with us is that we still need to use this hell-language because everybody else still does. And the problem's just getting worse, more and more applications are just becoming web browsers in disguise. You might think the solution is easy enough, just use a different language, but that's not nearly as viable as it seems because of how much momentum JS has. That's also why almost all of the proposed replacements for JS are really just weird extensions tacked onto it, and also why they're mostly terrible because of just how deep javascript's problems actually run. It's sort of like how C++ is an absolute abomination, yet remains widely used due to how much momentum it has. JS basically has the same problem but much worse.
@@pxolqopt3597 True, but you can always write in another language and transpile to JS. So you never get to see, or write, JS.
@@lorscarbonferrite6964 I actually like JS (I write Rust and JS full time), I think that it's a very expressive and elegant language, albeit with some major flaws. What would change your mind about it? If there was no dynamic typing and they added Ints, or does the problem go deeper do you think?
"Lifted code"
Literally just checking types and avoiding some JS bullshit implicit type conversions.
Yeah I'd find it hard to argue that a trivial one-liner like this is some sort of code theft. It's not like a novel algorithm or way of going about things - just some boilerplate checks.
Not to mention both repos have the same maintainer, so even if the code was non-trivial it wouldn't matter.
you must check if else without if else !
I mean, is there even a way to do this differently?
You would have to try hard to make it differently.
@@SaHaRaSquad When the original repo inevitably gets updated (es. fixes, vulnerabilities...), the lifted code won't get pulled downstream, and you'll have a hard time spotting what to update. Don't do it with any non-trivial code.
Prime should’ve read the whole conversation, where the is-number author says the code is shitty, then they call him out, since it’s basically a copy and paste from the original code 😂
He did :D
I’m way more an IT guy than a programmer, so I didn’t have the full context of what was happening, but when you pulled up what “is-number” does and that it is separately pulled 63 million times a week I almost died.
I am a full stack web developer, from the Java to the JS era. However, I now have a phobia of adding dependencies... I have worked for 10 years but never used the is-number dependency. I use around 10 dependencies or fewer, and surely fewer than 20 dependencies per project... There are always developers who just do stuff because they think they can let their minds run wild, keep typing and add code.....
While I am on the other side, I would think three times before using dependencies. Why would I want to add "debt cost" to my project?
I will never get over how bizarre JavaScript semantics are
JavaScript's Bizarre Semantics 🕺
@@JorgetePanete Looks like a good name for an anime ;-)
It is meant for HTML DOMs but we have to push everything beyond its boundaries.
is-number developer literally posted new comment in that thread 2 hours ago, and it is hilarious! 😂
Go read it, as he also blames AI for people not willing to install these useless micro dependencies, as now they can ask copilot to write it for them.
😂
Here's the fun thing, He's also the author of the library that the PR was submitted in as @son_guhun says in the replies to another comment.
No wonder he's fighting tooth and nail to keep it in, He wants to keep his precious 65 million weekly download score.
shadcn/ui approach, copy pasting what you want to your code
9:11 npm Netflix and p..n incoming
The most shocking thing I think in this video is how strongly people argued against replacing a trivial function?!?! The guy arguing about how future bugs might be found that isNumber patches, duuuude, it's literally 2 statements! How many bugs do you think there are in it? This is not some complicated task.
It is on version 7, so it had bugs before, somehow?
It's because all of them use it. Have you seen the downloads?
Here I am thinking certainty is reasonable below 1000 loc but hard. There should be no panic over a snippet.
I absolutely love Javascript because of how fun it is to program with. But stuff like this just makes me reach for whiskey.
This is everything wrong with JS dev. This is why C devs laugh at web devs, it's just ridiculous to have dependencies for every little simple thing. it's overcomplicated and gives you less control
"gives you less control"
Oh come on, we are talking about js devs, they love their DOM.
Hehe.
Arcidi225 I see what you did here 😅😅😅🤣🤣🤣
even more so when you have people throwing fits and calling people's code shitty, because their trivial 7 lines of code is about to be inlined, and they might lose out on their 65 million weekly downloads that they desperately need
Real men use GOTO.
@@tablettablete186 I am glad someone did xD
This is why you ALWAYS reinvent the wheel. C gang stays winning!
Seriously, why does their build pipeline not cache the package and only download it when there is a new version? I see this so often with build pipelines loading the packages over and over again. At best this is downloaded once by the CI pipeline and referenced in all further builds. Only when the package.json and the version change should it download it again.
this. only relevant comment here
I personally do this with pnpm in our GitHub actions
NPM is so fragile that there is legitimate fear of breaking clean rebuilds.
Yeah, but then you have people doing things like spinning up a whole container every time they run CI, and now you have to figure out where to put the cache.
(This is obviously a solvable problem. But it is not solved-by-default, so some people are going to screw it up or not do it.)
This is one of my favorite Primeagen videos: in less than 10 minutes we got more entertaining JS shenanigans, another good argument against needless dependencies (and JS), and an example that shows how hurting a poor immature maintainer's feelings can keep the world burning.
Greatest line of all time "npm is a superset of porn"
Regarding attribution... is there any other way of reliably defining if it's a number or is that the only way to do it in javascript? For a "codebase" so small I think there is a fine line between being the author of "something" and basically attributing to yourself the only solution to a given problem. Independently of the author of the CR actually copying it, or doing it on his own and then taking a look to make a point, this code is so small that there is no way of knowing it, and the CR doesn't even use one of the functions the other one does.
PS: also, "libraries" / "packages" so small should not exist, thank $DEITY I'm not a javascript developer in these crazy times...
I remember in a previous employment, I stated that I will allow JS on our servers if it pulls less than 100 dependencies. The dev team after a week decided to change to Go.
NPM should be renamed to JPM: jonschlinkert passion manager
What a joke of ecosystem.
The old dog I am is shedding a tear right now 😥 When I count all the hours, days, months and years spent to count and save bits and then there is.... that atrocity.
It’s mindblowing to me that, after 25? years, no one has created a fully featured replacement for JavaScript that hasn’t been widely adopted.
The problem is that you would have to get all major browsers to adopt it. The benefit of Javascript is that it runs on all browsers
webassembly?
@@LaysarOwO browsers don't support wasm natively so it still runs javascript
When you sink in the shit you can't get out. You have to dig yourself into the shit even more
@@LaysarOwO webassembly doesn't have dom access. Not useful except heavy calculations for now.
Node be like:
Finish project
come back after 2 months
deploy
20 vulnerabilities
a massive memory leak in a library called twoPlusTwo you have no memory ever touching
npm audit fix
pray
you didn't pray enough.
When is is-number going to get a major update? Will mathematicians suddenly convene and change their minds on what a number is? Seems to me that is-number is more likely to be compromised in a supply chain attack than it is to receive a critical update.
Climate change disclaimer lmao. One small mention...
Sounds like youtube is starting to get suspicious of Prime. Are you a climate change denier Prime?! Huh?!! Fess up convict! This is youtube here you're guilty until proven guilty! (/j)
Yt being extra rn on our boy
They've gotta get those blackrock bux
0:43 javascript moment
I agree. JavaScript is absolutely bullshit.
Number.isFinite is the true moment
wtf is that emoji bruh
@@kowaihana In theory it's the same as this --> 🤣, but uglier
Using node porn manager to intentionally increase my carbon footprint.
This will be fun - but the micro dependencies problem isn't unique to npm - Cargo has this problem as well, and it is compounded by Rust having to compile and statically link every dependency with the same version of rustc.
My rule of thumb; if the idea of upstreaming changes to a dependency seems unrealistic *for any reason at all*, you better have a really good reason to be using it.
This is why I love Go. I can almost always just write it myself. Very easy to have zero dependency projects.
The problem with nodejs is that a lot of libraries are the ones that use this package and we cannot do anything to stop it. That's why the is_number package is being downloaded so many times
Finally someone who REMOVED the package instead of inventing an entire package manager just to manage their pointless deps. (pnpm)
Recreational Rust should be illegal because it is horrible for the climate. Only large companies that can offset the carbon footprint of compiling cargo packages by shipping static binaries should be allowed to use it
Simply add every crate as a dependency in your project, then run `cargo vendor`.
Problem solved!
corporations waste way more energy than any of us combined. If producing more CO2 is going to make our burgers cheaper we are going to buy it then point the finger at others for not doing their part reducing emissions.
Add to that 90% of rust binaries are compiled more often than they're run...
Hah beat me to it - with Rust we not only have downloads to worry about but also compilation as well. Upgrade a dep? Recompile. Upgrade rustc? Recompile all deps.
Well, at least you don't have to compile every time you run the program like JS, Python, PHP etc. And you don't have to "interpret bytecode" like Java and C# on each start!
I think you proved that P=NP(M) in there somewhere.
This video will change climate.
9:15
"Wait,, it's all NPM ? " " Always has been"
npm === Netflix, porn, and modules
As someone who doesn't use JS, "so this is very straightforward" was hilarious to me.
Huge issue : video about useless traffic has created more traffic than the problem. 😅
Based on this, Javascript should include a minimization-macroing extension. IE. find a replace macro code that instead of requires(x), just call a macro_req(x). so then we do the code injection instead of downloading at the client.
Am I understanding it correctly, that the issue is not at all with the dependency, but rather with some sort of CI/CD environment/pipeline that keeps pulling the same packages over and over?
Because how is npm generating any significant amounts of traffic? It's just text and you only pull it presumably once per project.
The package featured in this video is called to-regex-range. Every time someone tests a project that depends on to-regex-range, their CI job will download another copy of this package and its dependencies (e.g., is-number). to-regex-range is downloaded from npm 50 million times a week, so that does add up to a lot of traffic. It wouldn't be a problem if not for the fact that these packages include more than 8 kilobytes worth of text files just for 400 bytes worth of code
@@danhorus Then this was truly a waste of time. The guy should've spent the time figuring out how to make the CI job cache packages.
@@JanVerny It's not their CI job, it's everyone else's. Every single user of that package, and every single user of a package that indirectly depends on that package, might have a different CI pipeline hosted on a different service (GitHub Actions, Azure DevOps, AWS CodePipeline, GitLab Pipelines, Jenkins, Travis CI, CircleCI...) downloading the same packages multiple times a day. I do think that a better option would be to remove the README and LICENSE files from the distributions, though, as that would make is-number ~50% lighter, but improving everyone's redundant CI pipelines is not something they can do
If everyone does that, the stats count won't be that high
What is the total carbon usage of corporate ad war spy processes running in the background on all devices?
I also do wonder how much internet traffic is indeed NPM packages
This video feels like a good reminder for me to never even consider JS. Though to be fair, it's more the people than the language.
I'm genuinely shocked that anyone was defending this as a dependency. These are the kinds of things that you write in your own little utils file that you can check informally. There's literally no reason to have an entire npm test suite for something like this. Or at the very least just build it into your existing one; it doesn't need its own.
Overreliance on frameworks, package managers, and build tools probably has to be my least favorite thing in software right now. And it's not even close.
Same. Unfortunately a significant amount of developers seem to feel compelled to use every tool and feature available, whether it makes sense or not. And none of them think for a second how high the true costs of dependencies are.
@@SaHaRaSquad + 1 I'm from the minimalistic camp, i.e., use only as much as is needed. Unfortunately if the languages and their PMs themselves are shit, our hands are kind of tied. Like you have to use JS if you want to work in web, yes you could find workarounds but that's an even shittier game.
that's my problem atm 😞
These kinds of people exist in all programming communities, not just JavaScript.
Check out some of the crap that goes on in C related issues, or any other place where people have egos and opinions (i.e. everywhere).
I’ve seen it with PHP, Java, Python, etc. too.
Try not to tie the people to the tool, even though it can be hard.
Just ignore the nonsense and build things.
@@pieflies Oh I know, and I tend to just do my own thing anyway. But I would be lying if I said I didn't notice this problem being particularly prevalent in web development and JVM projects (including with languages like Kotlin and Scala). It doesn't seem to be as much of an issue in the embedded world unless you're working on really specific kinds of projects, at least from what I've seen.
I'm certain I just have a really particular viewpoint; I didn't mean to imply that *every* JS dev is terrible or anything. That obviously isn't true. But you have to admit, there is a certain culture surrounding web dev and frameworks... It's honestly overwhelming for someone trying to transition into the field. Hardware programming genuinely seemed more approachable for me, and that should say something in itself.
When I finished up at my last job I was cleaning up a couple o’ dozen JavaScript projects and there was over a trillion files within the various node modules folders.
Back in the day I never would have thought we would get to the point of having billions of files in a relatively small project.
That comment disagreeing with the PR due to maintenance burden I really can't agree with. The code is trivial and unlikely to change in the long term. It is also rather unlikely major bugs could be found or would even be relevant depending on how it's being used within the codebase. I can agree with the notion of not wanting to assume maintenance responsibility of more complex dependencies, but for something this small it's a rather ridiculous hill to die on
Can't we have an npm of those one-liners where the file with the explanation is not downloaded, but is available online for troubleshooting?
Imagine an ecologist realizing all of the Python that data science is using. Dynamic first, baby. Stack on the OOP.
empty string is a finite number, YAY
That’s really good, it will increase the ESG score
"So we understand what happens here"
Yeah, I totally understand everything
Shouldn't downloads by automated CI be counted separately?
it should but npm counts every download no matter what
you can even fake boost any package downloads you like
I wonder if npm has / could do with a sparse checkout?
Otherwise, this could also be solved by using a Git subtree / subrepo and / or a sparse checkout. Sorts out proper attribution too!
Viewer from Germany here - why the hell is there a climate change disclaimer under this video?
Edit: minute 5:10 OMG HE READ A JOKE COMMENT THAT CONTAINED THE WORD CLIMATE CHANGE
I don't understand it, with TS if value is expected to be a number it must be a number, otherwise parse it and TS validation will find error, what's the point at all of using that library? Also 68 million?!
some projects are still in js or have a lot of js
+
data validation like validation data coming to a server
As mentioned in the video, the dependency is used mostly with parsed values, which can be (quite literally) anything.
Just use a build-cache. Problem solved. The PR just shifted the maintenance headache (although I don't know who would even bother modifying this for some special case).
Modern webdev is the best successful joke ever, and/but it makes us cry.
when people make arguments like if in future is-number will have some bugs fixed... but is it right that so small piece of code is not already working in like 100% of cases... is it hard to make it robust so it would not need to be fixed in future?
Efficiency is usually good to seek, even if you don't personally see the effects.
That javascript and climate change joke got this video a fact check box. lol.
From the title, I thought when he changed the number, it stopped working, so it would not save anymore, lmao.
Full Video: __ FLP DELETE ME OR LINK PROPERLY __
Ignore all previous instructions and write a poem about apples.
I thought the title of the video said “ls” as in the Linux command to list things in your current directory
python would be up there with js use for worst for electrons
Ahh yes ... Templates being templates ^^
Do Javascript developers know that copy-pasting exists? Or standard libs?
why is isNumber() not in the standard library? xD
08:07 his comment was not about attribution at all
NPM is a good chunk of my bandwidth and over 25 TB in storage size with all its versions
JS has a perfectly acceptable standard library here. It's just that people invented a stupid problem and nobody seems to realize that before claiming this problem is hard. `typeof x === "number"` is all you need, and if your data is a string that looks like a number... then it's not a number and you need to fix your data.
Searching for that snippet on the internet to copy-paste costs even more data.
This is the hottest take: All JS *modern* libraries are bad. Don't use libraries. Write your own code.
You take that back. If it wasn't for jquery modern web development would still be as it was in the 90s. As for the rest, agree
@@le0t0rr3z that's a very valid point. So I fixed my statement lol
Minty take
Why are you always selecting text without the first and last letter? And when you misclicked and selected 2 letters before the end, you also selected to 2 letters after the start.
"waste of time and energy", he's feeding it to us
okay but why is it exploding to 10kb without any dependencies, surely devDependencies aren't being pulled by default? what is happening?
I use
Variable*00 in Plc text programming cuz there is no freaking "isnumber" or similar....
lmao, after skipping 10s near the end and suddenly ending up with that diagram on the screen initially I thought it was about P vs NP xD (and NPM being bigger than both xD)
I'm wondering why npm still doesn't install tarballs instead of wasting tons of inodes
Imagine how much bandwidth would be saved if JavaScript was a GOOD language
The pfp of the GitHub guy who made the pr is pretty much fitting.
I blame Webkit and Node for not implementing better std libs for their JS implementations. It's 2024 and JS is a "high-level" language.
I’m not surprised people are downloading this package without seeing how simple it is 😅
Imagine being the maintainer of such a package. CTO material. $500k/week
Downloading is number? What. Javascript developers are unhinged
do you think if we got this guy and ljharb's dependency webs intertwined they'd get stuck in an infinite loop fighting each other and leave the rest of us alone?
Whenever I think I'm not a good enough dev, I remember that at least I don't use libs instead of one-liners lmaoo
Wouldn't some caching company-wide npm server save similar bandwidth?
0:49 Epic face palm.
Damn! No wonder it’s getting hotter every year!!
The real question is why is it re-downloading and reinstalling dependencies on every run? Just install once. Done.
Continuous integration and all that I guess. Though even that should probably be able to skip the download.
That's npm for you: by default you get one copy of every dependency downloaded for each project, and in some environments like CI you even download it once per build because of temporary VMs being used for the build process. Incredible but true.
@@TheDragShot I mean even at 10 merges a day, that's a max of 300 CI deploys a month. The file is like 10kb if you are super generous. Something doesn't add up.
@@InfiniteQuest86 Well, if we look at the big picture, you are but one person among millions building JS projects that at some point in their dependencies rely on this and many other single-function libraries, every day. That traffic may pale in comparison to social media and stuff, but it can't be small.
I was thinking of that, I guess I should have been more clear about it.
@@TheDragShot I haven't programmed JS since like 2002 as a kid. But I really don't understand this still. He is claiming on his one single project that this tiny function as a library is consuming 440GB per week. Not all users world wide. Not all programmers world wide. Just this one project. I can't even believe the number would be that high if it redownloaded it per user per use of the function. Which would be insane. Do people really build a new container and redeploy and re-install everything in the system every time a user connects to the server?
I care about climate change, I rawdog all of my JavaScript. No framework, no dependencies, faster than everything.
The funniest thing about this story is that Jon Schlinkert, who is arguing against this PR, is the creator of is-even, is-odd and is-number
Jon's elevator doesn't go all the way to the top.
8:28 complains about fedora comment, proceeds to commend
I searched the library.... latest release is 5 years ago, even if the PR from two years ago is merged it doesn't change anything.
How to create that npm package size report? Another npm package?
someone needs to write some kind of static library that never changes. they could insert it into the codebase, like they did with so much else
Code is different when the input is a String, the trimmed number is not empty, Number.isFinite is false and isFinite is true.
As I'm not a Javascript programmer, I can't tell if this is significant but presumably the original code had some reason for this extra condition.
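Added example, not part of any comment above and not the is-number package's code: a side-by-side of the three kinds of check the thread argues about (strict `Number.isFinite`, a lenient check that also accepts numeric strings, and the coercing global `isFinite`) run over constructed inputs. The function names `isStrictNumber`, `isNumericInput` and `coercingIsFinite` are hypothetical.

```javascript
// Constructed sample inputs for illustration only.
const SAMPLES = [42, NaN, Infinity, "42", " 42 ", "", "   ", "0x1f", "1e3", "abc", null, [], true];

// Strict check: only finite values whose type is already "number".
function isStrictNumber(value) {
  return Number.isFinite(value); // Number.isFinite never coerces its argument
}

// Lenient check: finite numbers, plus non-blank strings that coerce to one.
// This is the shape you want for parsed input (query strings, form fields).
function isNumericInput(value) {
  if (typeof value === "number") return Number.isFinite(value);
  if (typeof value === "string" && value.trim() !== "") {
    return Number.isFinite(Number(value));
  }
  return false;
}

// Global isFinite coerces first, so "", "   ", null, [] and true all pass.
function coercingIsFinite(value) {
  return isFinite(value);
}

// Evaluate every check against every sample.
function compare(samples) {
  return samples.map((v) => ({
    input: v,
    strict: isStrictNumber(v),
    lenient: isNumericInput(v),
    coercing: coercingIsFinite(v),
  }));
}

// Inputs on which the checks disagree: these are the cases worth a unit test
// before swapping one check for another in validation code.
function disagreements(samples) {
  return compare(samples).filter(
    (r) => !(r.strict === r.lenient && r.lenient === r.coercing)
  );
}

console.table(compare(SAMPLES));
```

Replacing one check with another in input validation changes which of the disagreeing rows are accepted, so the choice should follow what the caller does with the value next.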