Maybe You Should Think Twice Before Installing That NPM Module?

Rethinking NPM modules. One of the great things about Node can also be a weakness: the ability to npm i any functionality at a whim.

NPM modules from the NPM repository offer a lot of functionality, but should be used sparingly.

It has been just over five years since the event known as the ‘Left-Pad Apocalypse’. In March of 2016, an NPM user removed their module ‘left-pad’ from the NPM repository, breaking any Node.js application that depended on it.

It was a wake-up call for the Node.js community, and NPM made changes to its system after this incident to prevent it from happening again.

What exactly happened

A company called Kik, which makes a messenger app, wanted the module name ‘kik’, which another NPM user, Azer Koçulu, already owned. They sent Mr. Koçulu an e-mail from a patent attorney asking him to relinquish the module named ‘kik’. Mr. Koçulu declined to give up the module name. Kik then went to NPM with a trademark request to have the module handed over to them, which NPM eventually did.

After losing the module name, Mr. Koçulu decided to un-publish all 250 of his other modules from NPM. One of them, ‘left-pad’, was used in thousands of projects, including Babel.js. When he un-published ‘left-pad’, it essentially broke the internet. This is because so many projects rely on NPM, and the modules they pull in have dependencies of their own. You wind up with giant tree structures of dependencies, sometimes 10 levels deep. If you want to visualize this, simply run npm list in your modules directory.

The module that caused all this was, at the time, only 11 lines long:

```javascript
// left-pad as published at the time: prepends ch to str until it is len characters long
module.exports = leftpad;

function leftpad (str, len, ch) {
  str = String(str);

  var i = -1;

  if (!ch && ch !== 0) ch = ' ';

  len = len - str.length;

  while (++i < len) {
    str = ch + str;
  }

  return str;
}
```

Laurie Voss, who was the CTO of NPM at the time, took the unprecedented step of un-un-publishing a module. NPM as a company was still fairly young and had not run into this scenario before. To prevent a repeat of this incident, they changed their system so that a user can no longer un-publish a module that other modules depend on.
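As an added example, not code from the original post: a Node script that takes a lockfileVersion 3 package-lock.json, resolves each declared dependency the way Node's module lookup does (nearest node_modules first, then each parent's), reports how many levels deep the tree reaches, and ranks installed packages by how many others would break if they vanished from the registry the way left-pad did. The lockfile below is constructed for the example; every package name in it except left-pad is made up.

```javascript
// Constructed sample in the package-lock.json lockfileVersion 3 layout; every name except left-pad is made up.
const SAMPLE_LOCK = {
  packages: {
    '': { name: 'my-app', dependencies: { 'build-tool': '^1.0.0', fmt: '^2.0.0' } },
    'node_modules/build-tool': { version: '1.0.0', dependencies: { fmt: '^1.0.0' } },
    'node_modules/build-tool/node_modules/fmt': { version: '1.0.0', dependencies: { 'left-pad': '^1.0.0' } },
    'node_modules/fmt': { version: '2.0.0', dependencies: { 'left-pad': '^1.0.0' } },
    'node_modules/left-pad': { version: '1.0.0' },
  },
};
// Mimic Node's lookup: <from>/node_modules/<name>, then each parent's node_modules up to the root.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (base === '') return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}
// Resolve every declared dependency: forward edges (who needs what) and reverse edges (who breaks if it vanishes).
function buildGraph(lock) {
  const packages = lock.packages, deps = {}, dependents = {};
  for (const from of Object.keys(packages)) {
    deps[from] = [];
    for (const name of Object.keys(packages[from].dependencies || {})) {
      const target = resolveDep(packages, from, name);
      if (!target) continue; // e.g. an optional dependency that was not installed
      deps[from].push(target);
      (dependents[target] = dependents[target] || []).push(from);
    }
  }
  return { deps, dependents };
}
// Breadth-first walk along one edge direction: { node: distance } for every reachable node.
function reach(edges, start) {
  const dist = { [start]: 0 }, queue = [start];
  for (let i = 0; i < queue.length; i++)
    for (const next of edges[queue[i]] || [])
      if (!(next in dist)) { dist[next] = dist[queue[i]] + 1; queue.push(next); }
  return dist;
}
// How many levels deep the tree goes: the longest shortest-route from the root package "" to any package.
function maxDepth(lock) { return Math.max(...Object.values(reach(buildGraph(lock).deps, ''))); }
// Rank packages by how many others (root included) transitively need them: the left-pad risk list.
function blastRadius(lock) {
  const { dependents } = buildGraph(lock);
  return Object.keys(dependents).map((pkg) => ({ pkg, dependents: Object.keys(reach(dependents, pkg)).length - 1 }))
    .sort((a, b) => b.dependents - a.dependents);
}
```

On a real project, pass `JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'))` to `blastRadius`; the packages at the top of the list are the ones whose removal from the registry would reach furthest into your build.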
