20 votes

StandardJS, a JavaScript linter config with 3 million downloads/month, starts showing advertisements in users' terminals

4 comments

  1. spit-evil-olive-tips
    Link

    And here I was thinking that the NPM / node.js packaging ecosystem couldn't get any worse...

    One of the first comments in the GitHub thread has an interesting take on it:

    Because if every npm package adds ads, the noticeability of each ad will diminish. (Interestingly, the most valuable "real estate" will be packages whose banner is displayed last, so if it becomes a literal "race-to-the-bottom" people might add sleep statements to their post-install scripts so they are displayed nearest the bottom. What a dystopian installation experience!)

    Right now it's just a console.log that displays the same ad to everyone...but I can imagine this turning into an arms race if more NPM packages adopted this funding model. Both trying to make their ads more visible than every other ad, as well as potentially poking around on the local filesystem to try to gather data for ad-targeting.

    14 votes
  2. what
    Link

    Taken from this Reddit thread, thought this could be an interesting discussion.

    My previous comment was done hastily, but now that I have some time, a few thoughts I'd like to note:

    • From the top Reddit thread comment:
      • The website is misleading. The name "Standard" can give off the false impression that the project is official or endorsed by JavaScript in some way, when it isn't.
      • This is nothing more than a config file for ESLint, a popular open-source JavaScript linter. None of the advertising revenue from Standard is going upstream to ESLint, or any projects in the dependency chain.
    • Speaking of this being just an ESLint config, the author has a separate repo which contains the actual config file (eslintrc.json). So, when the value of Standard is this 200 line JSON config file... why is all the "cruft" around it needed, and why did it take 5 days (and $2000) to release a new version?
      • This GitHub comment shows that Standard depends on 233 packages by 125 contributors, none of whom receive any of the funding.
    • This comment in particular made a great point:

    What I'm most pissed about is that I need those logs to do my damn job. This isn't like a billboard on a highway -- this is like if a surgeon had to close a pop-up every time she wanted to pick up her scalpel. I don't want to waste time filtering ads when I'm trying to debug.

    With the current nature of the JavaScript/NPM ecosystem, it won't be long before build logs are filled with "Use code left-pad for 1 month of NordVPN for $5.99!" As someone who was really into JavaScript a while ago, and now has been using pretty much just Python, Go, and C++ for a few months, it seems absurd to me. I will admit, JavaScript has some nice tooling, but when you're pulling in hundreds (or thousands!) of dependencies, of which you only explicitly depend on a dozen, you have to think about how fragile this all is. More and more critical web infrastructure is being built on the JavaScript ecosystem and you have to wonder how well-audited all this code is, and if it's even possible for anyone who isn't a megacorp with the funds to dedicate the needed developer time.

    13 votes
  3. imperialismus
    Link

    The insane thing is that this is a 200-line config file with 129 contributors and 1577 commits. Which makes no mention of the fact that another project does all the heavy lifting. Talk about resume-padding and PR-driven development (public relations, not pull request). The JavaScript world continues to operate like the dumbass second cousin to any sane programming ecosystem.

    12 votes
    1. what
      Link Parent

      Talk about resume-padding and PR-driven development

      One thing that astounded me was when I came across a GitHub profile with hundreds (maybe over a thousand!) NPM packages, each one just a few simple lines of code, often depending on the author's other small packages, creating insane dependency chains. I can only assume this kind of thing is done to pad portfolios. All you need is for one large package to depend on something of yours, and before you know it, the dependency chain downloads dozens or hundreds of your minuscule packages.

      5 votes