average day in NPM land
average day in NPM land
average day in NPM land
You're viewing a single thread.
440GB weekly for "is number". What in the world is that package doing?
is-number is a one-line function. (though it's debatable if a function that complex should be compressed to one line)
You may have heard of a similar if more extreme "microdependency" called is-even. When you use an NPM package, you also need all the dependencies of that package, and the dependencies of those dependencies recursively. Each package has some overhead, eventually leading to this moment in time.
Web bloat in a nutshell and why we need to switch to things like Web Assembly more than ever. It's not WASM, but I used Laminar which is a Scala.js library, and it's the absolute pinnacle of (frontend) web development. Scala in general is just really great for idiomatic web code, its flexibility is unbeatable.
Another amazing alternative would be anything Rust. In fact I've used that much more than Scala for web. I've mainly used Leptos for full-stack and and Actix for backend, but I've seen Dioxus and Axum in good use and they both seem really great too.
Apparently Lemmy uses Leptos for its UI so... that's a +1.
I feel like this is completely avoidable bloat.
You could quite easily create this bloat in any language
It handles a few weird edge cases, mostly. Only 7 meaningful lines of code and almost 70M downloads week!
Sadly, it's a stupid dependency of a lot of things.
Just ran npm explain is-number
on one of my projects, and it's a dependency of to-regex-range
which is a dependency of fill-range
which is a dependency of....and so on up the chain.
I was hoping I wouldn't find that in there, but alas, it is.
Given that this screenshot is about to-regex-range
I think they might be on to something!
🤦♂️😆
Didn't even catch that in the screenshot. lol
I don't get the concept that depending on 7 lines of code from a third-party package is remotely acceptable. It's expanding the potential attack surface to save a dev from templating 7 lines of boilerplate. There's no net benefit or appreciable time saved.
I'm glad I don't have to deal with this regularly.
ETA: The package is even MIT licensed! There's no excuse but laziness and not wanting to understand the code to import this rather than inlining or implementing a novel version. If I can spend the time to write:
undefined
if err != nil { slog.Warn("well shit", "error", err) return err }
after every function call...I just didn't get it.
You’re right, it’s not sane! The js ecosystem is hell
I'm not sure, this is a valid estimate. If they were to replace is-number
with its contents, that would mean that the economy is only in HTTP-related overhead.
It maybe will make difference because of building phase, lock-files, package-files, but I am not sure that data-traffic difference is that big