@email@example.com hmm… I have mixed feelings… Like reinventing the wheel to learn vs using an already round one…
It’s a hard conversation, and as with education it depends on your context and ideology but you can and should ‘force’ it in your organization
@firstname.lastname@example.org All I know is, this problem is much less prevalent in languages without official package managers, like C or Lua.
@email@example.com I see the opposite here, copying and pasting lazily instead of creating reusable code.
I mean, having a dependency to know if a number is odd or even is excessive https://www.npmjs.com/package/is-odd-or-even
But at the same time if your language or runtime gives you these quick snippets is usually better that your own code, due to those “things you didn’t know you don’t know”. That’s why I have mixed feelings on copying and paste vs using a dependency vs reimplementing it yourself.
@firstname.lastname@example.org There can’t be a concrete rule for this sort of thing. I’m generally in favor of reinventing the wheel to certain extent, but using a library can be very useful if you want to focus on the end result.
When your 5 dependencies each have 5 dependencies of their own, then you have a problem.
“dependency hell” comes from this “exponential dependency tree” that we inevitably see in ecosystems like NodeJS / NPM
Yes, and these “ecosystems” try to put a band-aid on it by allowing packages to specify which version of a package they need. All that means is you get 7 different versions of the same package bloating up your node_modules folder and 6 critical vulnerabilities from one package.
Then, it’s impossible to keep track of all 1200 of your dependencies and sub-dependencies, so you get a robot to do it for you: Dependabot. What happens when Dependabot dies? Absolute chaos.
NodeJS library authors could just write better libraries and avoid breaking changes every update, and NodeJS software developers in general could fix their programs when they break, but they don’t. It’s on the “ecosystem” to solve for this, and it inevitably does a terrible job.
are there other examples?
Python, Ruby, Perl, Rust. Sometimes even Go. There’s a little bit of this in every language with an official package manager. I’d say Python and NodeJS are the worst offenders, though.
I feel like I pick on NodeJS / NPM too much
I don’t think we pick on NodeJS/NPM enough.