undefined | Better HN

0 pointsHPsquared9mo ago0 comments

11 lines of code! Wow. I had no idea it was that small.

0 comments

There used to be the general wisdom of, "Don't re-invent the wheel. Let the hive-mind craft utility functions and use those because they'll be battle-hardened, well tested, and you can focus on your core business".

I think the left-pad incident helped shatter that myth. He we had huge packages depending on a package which padded a string in an inefficient manner.

It turns out that the many eyeballs of the bazaar had averted their gaze from what was actually happening, which is a system of impossible to audit dependency chains.

I think it also shows the impact of using a language with a poor standard library.

Padding is absolutely something that should be available as an extension over String.

If JavaScript were controlled in the same manner that Go, Rust, Java, .NET, python etc, then it would have been added years ago.

Apparently it has now finally arrived in ES2026: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Refe...

dagw9mo ago

On the flip side, I find that often python for example can go too far in the other directions with huge kitchen sink libraries that depend on other huge kitchen sink libraries. To the point where installing the most popular library for calculating the area of a 2D polygon requires installing a fast Fourier transform library. If you want a single quite simple image processing function, you're all of a sudden installing advanced graph algorithm and signal processing libraries.

bakkoting9mo ago

> Apparently it has now finally arrived in ES2026

ES2017 [1]. The MDN docs always link the latest version of the spec; the year in the link doesn't correspond to the version where it was added. The proposal was already mostly done at the time of the incident [2]

[1] https://tc39.es/ecma262/2017/#sec-string.prototype.padstart [2] https://github.com/tc39/proposal-string-pad-start-end

xnorswap9mo ago

Oh, I see, sorry the "Specification" section is definitely misleading then by not also linking to the earliest specification it was included in.

eviks9mo ago

> the left-pad incident helped shatter that myth

In what way? Have the dependency trees gotten significantly smaller since then?

beej719mo ago

I don't think so, but at least awareness of dependencies as liabilities has increased.

I installed `pass` (the lightweight password manager) on a fresh headless system the other day and it brought in like 60 packages including a bunch of X stuff.

1 more reply

efilife9mo ago

Inefficient? What would be an efficient way to do this? .Repeat() a string and then concatenate?

rootlocus9mo ago

> Most of my open source work followed Unix philosophy, so the packages did one thing at a time. There was 350+ of them.

The man page for a unix binary is at least two orders of magnitude larger. At some point, the "Unix philosophy" doesn't make sense anymore. I mean, it couldn't even rightpad.

another-dave9mo ago

When the metadata for the package is larger than the source code you've probably gone too small!

baobabKoodaa9mo ago

packages like `left-pad` should really be named more like `resume-pad`

oh look at me, 589 published packages on npm! with 5 700 quadripillion weekly installs!

ThinkBeat9mo ago

oh there are thousands of those out there on npm. Short and trivial code. Even if you do not use them at all in your own codebase chances are quite high that some package you do use, uses some of those tiny packages.

j / k navigate · click thread line to collapse

0 comments

xnorswap9mo ago

I think the left-pad incident helped shatter that myth. He we had huge packages depending on a package which padded a string in an inefficient manner.

It turns out that the many eyeballs of the bazaar had averted their gaze from what was actually happening, which is a system of impossible to audit dependency chains.

I think it also shows the impact of using a language with a poor standard library.

Padding is absolutely something that should be available as an extension over String.

If JavaScript were controlled in the same manner that Go, Rust, Java, .NET, python etc, then it would have been added years ago.

Apparently it has now finally arrived in ES2026: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Refe...

dagw9mo ago

bakkoting9mo ago

> Apparently it has now finally arrived in ES2026

[1] https://tc39.es/ecma262/2017/#sec-string.prototype.padstart [2] https://github.com/tc39/proposal-string-pad-start-end

xnorswap9mo ago

Oh, I see, sorry the "Specification" section is definitely misleading then by not also linking to the earliest specification it was included in.

eviks9mo ago

> the left-pad incident helped shatter that myth

In what way? Have the dependency trees gotten significantly smaller since then?

beej719mo ago

I don't think so, but at least awareness of dependencies as liabilities has increased.

I installed `pass` (the lightweight password manager) on a fresh headless system the other day and it brought in like 60 packages including a bunch of X stuff.

1 more reply

efilife9mo ago

Inefficient? What would be an efficient way to do this? .Repeat() a string and then concatenate?

rootlocus9mo ago

> Most of my open source work followed Unix philosophy, so the packages did one thing at a time. There was 350+ of them.

The man page for a unix binary is at least two orders of magnitude larger. At some point, the "Unix philosophy" doesn't make sense anymore. I mean, it couldn't even rightpad.

another-dave9mo ago

When the metadata for the package is larger than the source code you've probably gone too small!

baobabKoodaa9mo ago

packages like `left-pad` should really be named more like `resume-pad`

oh look at me, 589 published packages on npm! with 5 700 quadripillion weekly installs!

ThinkBeat9mo ago

j / k navigate · click thread line to collapse